From 6794ec3f5177da0b41142c6ba8a8cc63fd2ee9b0 Mon Sep 17 00:00:00 2001
From: Jessie Young <jessieyoung@gitlab.com>
Date: Sat, 30 Nov 2024 20:03:52 +0000
Subject: [PATCH] Upgrade doorkeeper-openid_connect to 1.8.10
* We were vendoring the gem before in order to fix version dependency
issues with doorkeepeer (before it didn't support 5.8), see
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/173481
* Those version dependency issues were fixed in
https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/214
* Those change were released with v 1.8.10 of the gem
---
Gemfile | 4 +-
Gemfile.checksum | 1 +
Gemfile.lock | 12 +-
Gemfile.next.checksum | 1 +
Gemfile.next.lock | 12 +-
.../doorkeeper-openid_connect/.gitlab-ci.yml | 9 -
.../doorkeeper-openid_connect/CHANGELOG.md | 288 ------------
.../doorkeeper-openid_connect/CONTRIBUTING.md | 46 --
vendor/gems/doorkeeper-openid_connect/Gemfile | 15 -
.../doorkeeper-openid_connect/LICENSE.txt | 22 -
.../gems/doorkeeper-openid_connect/README.md | 342 --------------
.../gems/doorkeeper-openid_connect/Rakefile | 26 --
.../authorizations_extension.rb | 12 -
.../openid_connect/discovery_controller.rb | 146 ------
.../openid_connect/userinfo_controller.rb | 13 -
.../doorkeeper-openid_connect/bin/console | 10 -
.../gems/doorkeeper-openid_connect/bin/setup | 8 -
.../config/locales/en.yml | 23 -
.../doorkeeper-openid_connect.gemspec | 35 --
.../gemfiles/doorkeeper_master.gemfile | 9 -
.../gemfiles/rails_6.0.gemfile | 8 -
.../gemfiles/rails_6.1.gemfile | 8 -
.../gemfiles/rails_7.0.gemfile | 8 -
.../lib/doorkeeper/oauth/id_token_request.rb | 37 --
.../lib/doorkeeper/oauth/id_token_response.rb | 33 --
.../oauth/id_token_token_request.rb | 15 -
.../oauth/id_token_token_response.rb | 14 -
.../lib/doorkeeper/openid_connect.rb | 76 ---
.../openid_connect/claims/aggregated_claim.rb | 11 -
.../doorkeeper/openid_connect/claims/claim.rb | 37 --
.../claims/distributed_claim.rb | 11 -
.../openid_connect/claims/normal_claim.rb | 20 -
.../openid_connect/claims_builder.rb | 39 --
.../lib/doorkeeper/openid_connect/config.rb | 84 ----
.../lib/doorkeeper/openid_connect/engine.rb | 15 -
.../lib/doorkeeper/openid_connect/errors.rb | 31 --
.../openid_connect/helpers/controller.rb | 141 ------
.../lib/doorkeeper/openid_connect/id_token.rb | 72 ---
.../openid_connect/id_token_token.rb | 35 --
.../oauth/authorization/code.rb | 39 --
.../oauth/authorization_code_request.rb | 26 --
.../oauth/password_access_token_request.rb | 33 --
.../openid_connect/oauth/pre_authorization.rb | 30 --
.../openid_connect/oauth/token_response.rb | 25 -
.../openid_connect/orm/active_record.rb | 52 ---
.../orm/active_record/access_grant.rb | 17 -
.../orm/active_record/request.rb | 21 -
.../doorkeeper/openid_connect/rails/routes.rb | 72 ---
.../openid_connect/rails/routes/mapper.rb | 32 --
.../openid_connect/rails/routes/mapping.rb | 38 --
.../doorkeeper/openid_connect/user_info.rb | 37 --
.../lib/doorkeeper/openid_connect/version.rb | 7 -
.../lib/doorkeeper/request/id_token.rb | 19 -
.../lib/doorkeeper/request/id_token_token.rb | 19 -
.../openid_connect/install_generator.rb | 17 -
.../openid_connect/migration_generator.rb | 33 --
.../openid_connect/templates/initializer.rb | 72 ---
.../openid_connect/templates/migration.rb.erb | 15 -
.../controllers/discovery_controller_spec.rb | 316 -------------
.../authorizations_controller_spec.rb | 433 ------------------
...authorized_applications_controller_spec.rb | 15 -
.../controllers/userinfo_controller_spec.rb | 65 ---
.../spec/dummy/Rakefile | 8 -
.../spec/dummy/app/assets/config/manifest.js | 3 -
.../spec/dummy/app/assets/images/.keep | 0
.../app/assets/javascripts/application.js | 13 -
.../app/assets/stylesheets/application.css | 15 -
.../app/channels/application_cable/channel.rb | 6 -
.../channels/application_cable/connection.rb | 6 -
.../app/controllers/application_controller.rb | 5 -
.../spec/dummy/app/controllers/concerns/.keep | 0
.../dummy/app/helpers/application_helper.rb | 4 -
.../spec/dummy/app/jobs/application_job.rb | 4 -
.../dummy/app/mailers/application_mailer.rb | 6 -
.../dummy/app/models/application_record.rb | 5 -
.../spec/dummy/app/models/concerns/.keep | 0
.../spec/dummy/app/models/user.rb | 7 -
.../spec/dummy/bin/bundle | 5 -
.../spec/dummy/bin/rails | 6 -
.../spec/dummy/bin/rake | 6 -
.../spec/dummy/bin/setup | 36 --
.../spec/dummy/bin/update | 31 --
.../spec/dummy/config.ru | 7 -
.../spec/dummy/config/application.rb | 16 -
.../spec/dummy/config/boot.rb | 5 -
.../spec/dummy/config/database.yml | 26 --
.../spec/dummy/config/environment.rb | 5 -
.../spec/dummy/config/environments/test.rb | 32 --
.../dummy/config/initializers/doorkeeper.rb | 16 -
.../initializers/doorkeeper_openid_connect.rb | 83 ----
.../locales/doorkeeper_openid_connect.en.yml | 23 -
.../spec/dummy/config/routes.rb | 6 -
.../spec/dummy/config/secrets.yml | 22 -
.../db/migrate/20111122132257_create_users.rb | 11 -
.../20120312140401_add_password_to_users.rb | 7 -
...20151223192035_create_doorkeeper_tables.rb | 62 ---
...20151223200000_add_owner_to_application.rb | 9 -
...previous_refresh_token_to_access_tokens.rb | 13 -
...2204540_add_current_sign_in_at_to_users.rb | 7 -
...152859_add_confidential_to_applications.rb | 13 -
.../db/migrate/20221122044143_enable_pkce.rb | 8 -
.../spec/dummy/db/schema.rb | 76 ---
.../spec/dummy/lib/assets/.keep | 0
.../spec/dummy/log/.keep | 0
.../spec/dummy/public/404.html | 67 ---
.../spec/dummy/public/422.html | 67 ---
.../spec/dummy/public/500.html | 66 ---
.../spec/dummy/public/favicon.ico | 0
.../spec/factories.rb | 35 --
.../spec/lib/claims/claim_spec.rb | 32 --
.../spec/lib/config_spec.rb | 232 ----------
.../spec/lib/id_token_spec.rb | 99 ----
.../spec/lib/id_token_token_spec.rb | 36 --
.../spec/lib/oauth/authorization/code_spec.rb | 55 ---
.../oauth/authorization_code_request_spec.rb | 43 --
.../spec/lib/oauth/id_token_request_spec.rb | 78 ----
.../spec/lib/oauth/id_token_response_spec.rb | 60 ---
.../lib/oauth/id_token_token_request_spec.rb | 49 --
.../lib/oauth/id_token_token_response_spec.rb | 56 ---
.../password_access_token_request_spec.rb | 35 --
.../spec/lib/oauth/pre_authorization_spec.rb | 54 ---
.../spec/lib/oauth/token_response_spec.rb | 53 ---
.../spec/lib/openid_connect_spec.rb | 68 ---
.../spec/lib/routes_spec.rb | 44 --
.../spec/lib/user_info_spec.rb | 55 ---
.../spec/models/access_grant_spec.rb | 39 --
.../spec/models/request_spec.rb | 32 --
.../spec/rails_helper.rb | 59 ---
.../spec/spec_helper.rb | 85 ----
.../spec/support/doorkeeper_configuration.rb | 42 --
130 files changed, 11 insertions(+), 5305 deletions(-)
delete mode 100644 vendor/gems/doorkeeper-openid_connect/.gitlab-ci.yml
delete mode 100644 vendor/gems/doorkeeper-openid_connect/CHANGELOG.md
delete mode 100644 vendor/gems/doorkeeper-openid_connect/CONTRIBUTING.md
delete mode 100644 vendor/gems/doorkeeper-openid_connect/Gemfile
delete mode 100644 vendor/gems/doorkeeper-openid_connect/LICENSE.txt
delete mode 100644 vendor/gems/doorkeeper-openid_connect/README.md
delete mode 100644 vendor/gems/doorkeeper-openid_connect/Rakefile
delete mode 100644 vendor/gems/doorkeeper-openid_connect/app/controllers/concerns/doorkeeper/openid_connect/authorizations_extension.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/app/controllers/doorkeeper/openid_connect/discovery_controller.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
delete mode 100755 vendor/gems/doorkeeper-openid_connect/bin/console
delete mode 100755 vendor/gems/doorkeeper-openid_connect/bin/setup
delete mode 100644 vendor/gems/doorkeeper-openid_connect/config/locales/en.yml
delete mode 100644 vendor/gems/doorkeeper-openid_connect/doorkeeper-openid_connect.gemspec
delete mode 100644 vendor/gems/doorkeeper-openid_connect/gemfiles/doorkeeper_master.gemfile
delete mode 100644 vendor/gems/doorkeeper-openid_connect/gemfiles/rails_6.0.gemfile
delete mode 100644 vendor/gems/doorkeeper-openid_connect/gemfiles/rails_6.1.gemfile
delete mode 100644 vendor/gems/doorkeeper-openid_connect/gemfiles/rails_7.0.gemfile
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_request.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_response.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_token_request.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_token_response.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/aggregated_claim.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/claim.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/distributed_claim.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/normal_claim.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims_builder.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/config.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/engine.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/errors.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/helpers/controller.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/id_token.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/id_token_token.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/authorization/code.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/token_response.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record/request.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes/mapper.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes/mapping.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/user_info.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/version.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/request/id_token.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/request/id_token_token.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/install_generator.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/migration_generator.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/templates/initializer.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/templates/migration.rb.erb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/controllers/discovery_controller_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/controllers/doorkeeper/authorizations_controller_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/controllers/doorkeeper/authorized_applications_controller_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/controllers/userinfo_controller_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/Rakefile
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/config/manifest.js
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/images/.keep
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/javascripts/application.js
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/stylesheets/application.css
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/channels/application_cable/channel.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/channels/application_cable/connection.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/controllers/application_controller.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/controllers/concerns/.keep
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/helpers/application_helper.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/jobs/application_job.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/mailers/application_mailer.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/models/application_record.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/models/concerns/.keep
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/app/models/user.rb
delete mode 100755 vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/bundle
delete mode 100755 vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/rails
delete mode 100755 vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/rake
delete mode 100755 vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/setup
delete mode 100755 vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/update
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/config.ru
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/config/application.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/config/boot.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/config/database.yml
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/config/environment.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/config/environments/test.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/config/initializers/doorkeeper.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/config/initializers/doorkeeper_openid_connect.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/config/locales/doorkeeper_openid_connect.en.yml
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/config/routes.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/config/secrets.yml
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20111122132257_create_users.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20161102204540_add_current_sign_in_at_to_users.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20180904152859_add_confidential_to_applications.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20221122044143_enable_pkce.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/db/schema.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/lib/assets/.keep
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/log/.keep
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/public/404.html
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/public/422.html
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/public/500.html
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/dummy/public/favicon.ico
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/factories.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/claims/claim_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/config_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/id_token_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/id_token_token_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/authorization/code_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/authorization_code_request_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_request_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_response_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_token_request_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_token_response_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/password_access_token_request_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/pre_authorization_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/token_response_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/openid_connect_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/routes_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/lib/user_info_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/models/access_grant_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/models/request_spec.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/rails_helper.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/spec_helper.rb
delete mode 100644 vendor/gems/doorkeeper-openid_connect/spec/support/doorkeeper_configuration.rb
diff --git a/Gemfile b/Gemfile
index a806b19d18d20..e7d4da8749e0f 100644
--- a/Gemfile
+++ b/Gemfile
@@ -90,9 +90,7 @@ gem 'devise', '~> 4.9.3', feature_category: :system_access
gem 'devise-pbkdf2-encryptable', '~> 0.0.0', path: 'vendor/gems/devise-pbkdf2-encryptable' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'bcrypt', '~> 3.1', '>= 3.1.14' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'doorkeeper', '~> 5.8', '>= 5.8.0', feature_category: :system_access
-gem 'doorkeeper-openid_connect', '~> 1.8',
- path: 'vendor/gems/doorkeeper-openid_connect', # See Gem README for why this is vendored
- feature_category: :system_access
+gem 'doorkeeper-openid_connect', '~> 1.8.10', feature_category: :system_access
gem 'doorkeeper-device_authorization_grant', '~> 1.0.0', feature_category: :system_access
gem 'rexml', '~> 3.3.2' # rubocop:todo Gemfile/MissingFeatureCategory
gem 'ruby-saml', '~> 1.17.0', feature_category: :system_access
diff --git a/Gemfile.checksum b/Gemfile.checksum
index 715b8bb18fd44..62cbaf7d8cea0 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -130,6 +130,7 @@
{"name":"domain_name","version":"0.5.20190701","platform":"ruby","checksum":"000a600454cb4a344769b2f10b531765ea7bd3a304fe47ed12e5ca1eab969851"},
{"name":"doorkeeper","version":"5.8.0","platform":"ruby","checksum":"5abc747ee0eaa3140e165b41e937941f05d5ce5bcd8b8ed6718e6711623a8105"},
{"name":"doorkeeper-device_authorization_grant","version":"1.0.3","platform":"ruby","checksum":"94c3ac12a0d50942850ecd58ed64298b397a5e903e8880cb68d4085600932679"},
+{"name":"doorkeeper-openid_connect","version":"1.8.10","platform":"ruby","checksum":"b28efaa9b52cbe9aca4efc825a7ef63cc950ae6a96f4a72ed8362f278a453742"},
{"name":"dotenv","version":"2.7.6","platform":"ruby","checksum":"2451ed5e8e43776d7a787e51d6f8903b98e446146c7ad143d5678cc2c409d547"},
{"name":"dry-cli","version":"1.0.0","platform":"ruby","checksum":"28ead169f872954dd08910eb8ead59cf86cd18b4aab321e8eeefe945749569f0"},
{"name":"dry-core","version":"1.0.1","platform":"ruby","checksum":"f32f4245e0f54e787f3708584ed8f7545aaf8dd99072e36f169312468ec5450d"},
diff --git a/Gemfile.lock b/Gemfile.lock
index cafbc5f805e24..5bbec1508d5ee 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -159,13 +159,6 @@ PATH
specs:
diff_match_patch (0.1.0)
-PATH
- remote: vendor/gems/doorkeeper-openid_connect
- specs:
- doorkeeper-openid_connect (1.8.9)
- doorkeeper (>= 5.5, < 5.9)
- jwt (>= 2.5)
-
PATH
remote: vendor/gems/gitlab-duo-workflow-service-client
specs:
@@ -546,6 +539,9 @@ GEM
railties (>= 5)
doorkeeper-device_authorization_grant (1.0.3)
doorkeeper (~> 5.5)
+ doorkeeper-openid_connect (1.8.10)
+ doorkeeper (>= 5.5, < 5.9)
+ jwt (>= 2.5)
dotenv (2.7.6)
dry-cli (1.0.0)
dry-core (1.0.1)
@@ -2038,7 +2034,7 @@ DEPENDENCIES
discordrb-webhooks (~> 3.5)
doorkeeper (~> 5.8, >= 5.8.0)
doorkeeper-device_authorization_grant (~> 1.0.0)
- doorkeeper-openid_connect (~> 1.8)!
+ doorkeeper-openid_connect (~> 1.8.10)
duo_api (~> 1.3)
ed25519 (~> 1.3.0)
elasticsearch-api (= 7.17.11)
diff --git a/Gemfile.next.checksum b/Gemfile.next.checksum
index f43e75c5589d0..988884683c53b 100644
--- a/Gemfile.next.checksum
+++ b/Gemfile.next.checksum
@@ -130,6 +130,7 @@
{"name":"domain_name","version":"0.5.20190701","platform":"ruby","checksum":"000a600454cb4a344769b2f10b531765ea7bd3a304fe47ed12e5ca1eab969851"},
{"name":"doorkeeper","version":"5.8.0","platform":"ruby","checksum":"5abc747ee0eaa3140e165b41e937941f05d5ce5bcd8b8ed6718e6711623a8105"},
{"name":"doorkeeper-device_authorization_grant","version":"1.0.3","platform":"ruby","checksum":"94c3ac12a0d50942850ecd58ed64298b397a5e903e8880cb68d4085600932679"},
+{"name":"doorkeeper-openid_connect","version":"1.8.10","platform":"ruby","checksum":"b28efaa9b52cbe9aca4efc825a7ef63cc950ae6a96f4a72ed8362f278a453742"},
{"name":"dotenv","version":"2.7.6","platform":"ruby","checksum":"2451ed5e8e43776d7a787e51d6f8903b98e446146c7ad143d5678cc2c409d547"},
{"name":"drb","version":"2.2.1","platform":"ruby","checksum":"e9d472bf785f558b96b25358bae115646da0dbfd45107ad858b0bc0d935cb340"},
{"name":"dry-cli","version":"1.0.0","platform":"ruby","checksum":"28ead169f872954dd08910eb8ead59cf86cd18b4aab321e8eeefe945749569f0"},
diff --git a/Gemfile.next.lock b/Gemfile.next.lock
index a89519fab5e26..acc56ec9c675d 100644
--- a/Gemfile.next.lock
+++ b/Gemfile.next.lock
@@ -159,13 +159,6 @@ PATH
specs:
diff_match_patch (0.1.0)
-PATH
- remote: vendor/gems/doorkeeper-openid_connect
- specs:
- doorkeeper-openid_connect (1.8.9)
- doorkeeper (>= 5.5, < 5.9)
- jwt (>= 2.5)
-
PATH
remote: vendor/gems/gitlab-duo-workflow-service-client
specs:
@@ -555,6 +548,9 @@ GEM
railties (>= 5)
doorkeeper-device_authorization_grant (1.0.3)
doorkeeper (~> 5.5)
+ doorkeeper-openid_connect (1.8.10)
+ doorkeeper (>= 5.5, < 5.9)
+ jwt (>= 2.5)
dotenv (2.7.6)
drb (2.2.1)
dry-cli (1.0.0)
@@ -2065,7 +2061,7 @@ DEPENDENCIES
discordrb-webhooks (~> 3.5)
doorkeeper (~> 5.8, >= 5.8.0)
doorkeeper-device_authorization_grant (~> 1.0.0)
- doorkeeper-openid_connect (~> 1.8)!
+ doorkeeper-openid_connect (~> 1.8.10)
duo_api (~> 1.3)
ed25519 (~> 1.3.0)
elasticsearch-api (= 7.17.11)
diff --git a/vendor/gems/doorkeeper-openid_connect/.gitlab-ci.yml b/vendor/gems/doorkeeper-openid_connect/.gitlab-ci.yml
deleted file mode 100644
index 77259f8093d38..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/.gitlab-ci.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-include:
- - local: gems/gem.gitlab-ci.yml
- inputs:
- gem_name: "doorkeeper-openid_connect"
- gem_path_prefix: "vendor/gems/"
- bundle_gemfiles: ['gemfiles/doorkeeper_master.gemfile']
- bundle_version: "2.5.11"
-variables:
- BUNDLE_FROZEN: "false"
diff --git a/vendor/gems/doorkeeper-openid_connect/CHANGELOG.md b/vendor/gems/doorkeeper-openid_connect/CHANGELOG.md
deleted file mode 100644
index 588ff986bd8b1..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/CHANGELOG.md
+++ /dev/null
@@ -1,288 +0,0 @@
-## Unreleased
-
-- [#PR ID] Add your changelog entry here.
-
-## v1.8.9 (2024-05-07)
-
-- Support Doorkeeper 5.7
-
-## v1.8.8 (2024-02-26)
-
-- [#201] Add back typ=JWT to header
-
-## v1.8.7 (2023-05-18)
-
-- [#198] Fully qualify `JWT::JWK::Thumbprint` constant with :: (thanks to @stanhu)
-
-## v1.8.6 (2023-05-12)
-
-- [#194] Default to RFC 7638 kid fingerprint generation (thanks to @stanhu).
-
-## v1.8.5 (2023-02-02)
-
-- [#186] Simplify gem configuration reusing Doorkeeper configuration option DSL (thanks to @nbulaj).
-- [#182] Drop support for Ruby 2.6 and Rails 5 (thanks to @sato11).
-- [#188] Fix dookeeper-jwt compatibility (thanks to @zavan).
-
-## v1.8.4 (2023-02-01)
-
-Note that v1.8.4 changed the default kid fingerprint generation from RFC 7638 to a format
-based on the SHA256 digest of the key element. To restore the previous behavior, upgrade to v1.8.6.
-
-- [#177] Replace `json-jwt` with `ruby-jwt` to align with doorkeeper-jwt (thanks to @kristof-mattei).
-- [#185] Don't call active_record_options for Doorkeeper >= 5.6.3 (thanks to @zavan).
-- [#183] Stop render consent screen when user is not logged-in (thanks to @nov).
-
-## v1.8.3 (2022-12-02)
-
-- [#180] Add PKCE support to OpenID discovery endpoint (thanks to @stanhu).
-
-## v1.8.2 (2022-07-13)
-
-- [#168] Allow to use custom doorkeeper access grant model (thanks @nov).
-- [#170] Controllers inherit `Doorkeeper::AppliactionMetalController` (thanks @sato11).
-- [#171] Correctly override `AuthorizationsController` params (thanks to @nbulaj).
-
-## v1.8.1 (2022-02-09)
-
-- [#153] Fix ArgumentError caused by client credential validation introduced in Doorkeeper 5.5.1 (thanks to @CircumnavigatingFlatEarther)
-- [#161] Fix .well-known/openid-connect issuer (respond to block if provided) (thanks to @fkowal).
-- [#152] Expose oauth-authorization-server in routes (thanks to @mitar)
-
-## v1.8.0 (2021-05-11)
-
-No changes from v1.8.0-rc1.
-
-## v1.8.0-rc1 (2021-04-20)
-
-### Upgrading
-
-This gem now requires Doorkeeper 5.5 and Ruby 2.5.
-
-### Changes
-
-- [#138] Support form_post response mode (thanks to @linhdangduy)
-- [#144] Support block syntax for `issuer` configuration (thanks to @maxxsnake)
-- [#145] Register token flows with the strategy instead of the token class (thanks to @paukul)
-
-## v1.7.5 (2020-12-15)
-
-### Changes
-
-- [#126] Add discovery_url_options option for discovery endpoints URL generation (thanks to @phlegx)
-
-### Bugfixes
-
-- [#123] Remove reference to ApplicationRecord (thanks to @wheeyls)
-- [#124] Clone doorkeeper.grant_flows array before appending 'refresh_token' (thanks to @davidbasalla)
-- [#129] Avoid to use the config alias while supporting Doorkeeper 5.2 (thanks to @kymmt90)
-
-## v1.7.4 (2020-07-06)
-
-- [#119] Execute end_session_endpoint in the controllers context (thanks to @joeljunstrom)
-
-## v1.7.3 (2020-07-06)
-
-- [#111] Add configuration callback `select_account_for_resource_owner` to support the `prompt=select_account` param
-- [#112] Add grant_types_supported to discovery response
-- [#114] Fix user_info endpoint when used in api mode
-- [#116] Support Doorkeeper API (> 5.4) for registering custom grant flows.
-- [#117] Fix migration template to use Rails migrations DSL for association.
-- [#118] Use fragment urls for implicit flow error redirects (thanks to @joeljunstrom)
-
-## v1.7.2 (2020-05-20)
-
-### Changes
-
-- [#108] Add support for Doorkeeper 5.4
-- [#103] Add support for end_session_endpoint
-- [#109] Test against Ruby 2.7 & Rails 6.x
-
-## v1.7.1 (2020-02-07)
-
-### Upgrading
-
-This version adds `on_delete: :cascade` to the migration template for the `oauth_openid_requests` table, in order to fix #82.
-
-For existing installations, you should add a new migration in your application to drop the existing foreign key and replace it with a new one with `on_delete: :cascade` included. Depending on the database you're using and the size of your application this might bring up some concerns, but in most cases the following should be sufficient:
-
-```ruby
-class UpdateOauthOpenIdRequestsForeignKeys < ActiveRecord::Migration[5.2]
- def up
- remove_foreign_key(:oauth_openid_requests, column: :access_grant_id)
- add_foreign_key(:oauth_openid_requests, :oauth_access_grants, column: :access_grant_id, on_delete: :cascade)
- end
-
- def down
- remove_foreign_key(:oauth_openid_requests, column: :access_grant_id)
- add_foreign_key(:oauth_openid_requests, :oauth_access_grants, column: :access_grant_id)
- end
-end
-```
-
-### Bugfixes
-
-- [#96] Bump `json-jwt` because of CVE-2019-18848 (thanks to @leleabhinav)
-- [#97] Fixes for compatibility with Doorkeeper 5.2 (thanks to @linhdangduy)
-- [#98] Cascade deletes from `oauth_openid_requests` to `oauth_access_grants` (thanks to @manojmj92)
-- [#99] Fix `audience` claim when application is not set on access token (thanks to @ionut998)
-
-## v1.7.0 (2019-11-04)
-
-### Changes
-
-- [#85] This gem now requires Doorkeeper 5.2, Rails 5, and Ruby 2.4
-
-## v1.6.3 (2019-09-24)
-
-### Changes
-
-- [#81] Allow silent authentication without user consent (thanks to @jarosan)
-- Don't support Doorkeeper >= 5.2 due to breaking changes
-
-## v1.6.2 (2019-08-09)
-
-### Bugfixes
-
-- [#80] Check for client presence in controller, fixes a 500 error when `client_id` is missing (thanks to @cincospenguinos @urnf @isabellechalhoub)
-
-## v1.6.1 (2019-06-07)
-
-### Bugfixes
-
-- [#75] Fix return value for `after_successful_response` (thanks to @daveed)
-
-### Changes
-
-- [#72] Add `revocation_endpoint` and `introspection_endpoint` to discovery response (thanks to @scarfacedeb)
-
-## v1.6.0 (2019-03-06)
-
-### Changes
-
-- [#70] This gem now requires Doorkeeper 5.0, and actually has done so since v1.5.4 (thanks to @michaelglass)
-
-## v1.5.5 (2019-03-03)
-
-- [#69] Return `crv` parameter for EC keys (thanks to @marco-nicola)
-
-## v1.5.4 (2019-02-15)
-
-### Bugfixes
-
-- [#66] Fix an open redirect vulnerability ([CVE-2019-9837](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9837), thanks to @meagar)
-- [#67] Don't delete existing tokens with `prompt=consent` (thanks to @nov)
-
-### Changes
-
-- [#62] Support customization of redirect params in `id_token` and `id_token token` responses (thanks to @meagar)
-
-## v1.5.3 (2019-01-19)
-
-### Bugfixes
-
-- [#60] Don't break native authorization in Doorkeeper 5.x
-
-### Changes
-
-- [#58] Use versioned migrations for Rails 5.x (thanks to @tvongaza)
-
-## v1.5.2 (2018-09-04)
-
-### Changes
-
-- [#56] The previous release was a bit premature, this fixes some compatibility issues with Doorkeeper 5.x
-
-## v1.5.1 (2018-09-04)
-
-### Changes
-
-- [#55] This gem is now compatible with Doorkeeper 5.x
-
-## v1.5.0 (2018-06-27)
-
-### Features
-
-- [#52] Custom claims can now also be returned directly in the ID token, see the updated README for usage instructions
-
-## v1.4.0 (2018-05-31)
-
-### Upgrading
-
-- Support for Ruby versions older than 2.3 was dropped
-
-### Features
-
-- Redirect errors per Section 3.1.2.6 of OpenID Connect 1.0 (by @ryands)
-- Set `id_token` when it's nil in token response (it's used in `refresh_token` requests) (by @Miouge1)
-
-## v1.3.0 (2018-03-05)
-
-### Features
-
-- Support for Implicit Flow (`response_type=id_token` and `response_type=id_token token`),
- see the updated README for usage instructions (by @nashby, @nhance and @stevenvegt)
-
-## v1.2.0 (2017-08-31)
-
-### Upgrading
-
-- The configuration setting `jws_private_key` was renamed to `signing_key`, you can still use the old name until it's removed in the next major release
-
-### Features
-
-- Support for pairwise subject identifiers (by @travisofthenorth)
-- Support for EC and HMAC signing algorithms (by @110y)
-- Claims now receive an optional third `access_token` argument which allow you to dynamically adjust claim values based on the client's token (by @gigr)
-
-### Bugfixes
-
-## v1.1.2 (2017-01-18)
-
-### Bugfixes
-
-- Fixes the `undefined local variable or method 'pre_auth'` error
-
-## v1.1.1 (2017-01-18)
-
-#### Upgrading
-
-- The configuration setting `jws_public_key` wasn't actually used, it's deprecated now and will be removed in the next major release
-- The undocumented shorthand `to_proc` syntax for defining claims (`claim :user, &:name`) is not supported anymore
-
-#### Features
-
-- Claims now receive an optional second `scopes` argument which allow you to dynamically adjust claim values based on the requesting applications' scopes (by @nbibler)
-- The `prompt` parameter values `login` and `consent` are now supported
-- The configuration setting `protocol` was added (by @gigr)
-
-#### Bugfixes
-
-- Standard Claims are now mapped correctly to their default scopes (by @tylerhunt)
-- Blank `nonce` parameters are now ignored
-
-#### Changes
-
-- `nil` values and empty strings are now removed from the UserInfo and IdToken responses
-- Allow `json-jwt` dependency at ~> 1.6. (by @nbibler)
-- Configuration blocks no longer internally use `instance_eval` which previously gave undocumented and unexpected `self` access to the caller (by @nbibler)
-
-## v1.1.0 (2016-11-30)
-
-This release is a general clean-up and adds support for some advanced OpenID Connect features.
-
-#### Upgrading
-
-- This version adds a table to store temporary nonces, use the generator `doorkeeper:openid_connect:migration` to create a migration
-- Implement the new configuration callbacks `auth_time_from_resource_owner` and `reauthenticate_resource_owner` to support advanced features
-
-#### Features
-
-- Add discovery endpoint ([a16caa8](/../../commit/a16caa8))
-- Add webfinger and keys endpoints for discovery ([f70898b](/../../commit/f70898b))
-- Add supported claims to discovery response ([1d8f9ea](/../../commit/1d8f9ea))
-- Support prompt=none parameter ([c775d8b](/../../commit/c775d8b))
-- Store and return nonces in IdToken responses ([d28ca8c](/../../commit/d28ca8c))
-- Add generator for initializer ([80399fd](/../../commit/80399fd))
-- Support max_age parameter ([aabe3aa](/../../commit/aabe3aa))
-- Respect scope grants in UserInfo response ([25f2170](/../../commit/25f2170))
diff --git a/vendor/gems/doorkeeper-openid_connect/CONTRIBUTING.md b/vendor/gems/doorkeeper-openid_connect/CONTRIBUTING.md
deleted file mode 100644
index 5cc59a017b27a..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/CONTRIBUTING.md
+++ /dev/null
@@ -1,46 +0,0 @@
-# Contributing
-
-## Workflow
-
-We are using the [Feature Branch Workflow (also known as GitHub Flow)](https://guides.github.com/introduction/flow/), and prefer delivery as pull requests.
-
-Our first line of defense is the [Travis CI](https://travis-ci.org/doorkeeper-gem/doorkeeper-openid_connect) build defined within [.travis.yml](.travis.yml) and triggered for every pull request.
-
-Create a feature branch:
-
-```sh
-git checkout -B feature/contributing
-```
-
-## Creating Good Commits
-
-The cardinal rule for creating good commits is to ensure there is only one
-"logical change" per commit. Why is this an important rule?
-
-* The smaller the amount of code being changed, the quicker & easier it is to
- review & identify potential flaws.
-
-* If a change is found to be flawed later, it may be necessary to revert the
- broken commit. This is much easier to do if there are not other unrelated
- code changes entangled with the original commit.
-
-* When troubleshooting problems using Git's bisect capability, small well
- defined changes will aid in isolating exactly where the code problem was
- introduced.
-
-* When browsing history using Git annotate/blame, small well defined changes
- also aid in isolating exactly where & why a piece of code came from.
-
-Things to avoid when creating commits:
-
-* Mixing whitespace changes with functional code changes.
-* Mixing two unrelated functional changes.
-* Sending large new features in a single giant commit.
-
-## Release process
-
-- Bump version in `lib/doorkeeper/openid_connect/version.rb`.
-- Update `CHANGELOG.md`.
-- Commit all changes.
-- Tag release and publish gem with `rake release`.
-- [Publish a new release on GitHub](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/releases/new), using the created tag and the new entries in `CHANGELOG.md`.
diff --git a/vendor/gems/doorkeeper-openid_connect/Gemfile b/vendor/gems/doorkeeper-openid_connect/Gemfile
deleted file mode 100644
index 9a2cbd3fa5b25..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/Gemfile
+++ /dev/null
@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-# use Rails version specified by environment
-ENV['rails'] ||= '6.0.0'
-gem 'rails', "~> #{ENV['rails']}"
-gem 'rails-controller-testing'
-
-gem 'rubocop', '~> 1.6'
-gem 'rubocop-performance', require: false
-gem 'rubocop-rails', require: false
-gem 'rubocop-rspec', require: false
-
-gemspec
diff --git a/vendor/gems/doorkeeper-openid_connect/LICENSE.txt b/vendor/gems/doorkeeper-openid_connect/LICENSE.txt
deleted file mode 100644
index 31b068d048f0c..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/LICENSE.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-MIT License
-
-Copyright (c) 2014 PlayOn! Sports
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/gems/doorkeeper-openid_connect/README.md b/vendor/gems/doorkeeper-openid_connect/README.md
deleted file mode 100644
index 9fde3a9515cb9..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/README.md
+++ /dev/null
@@ -1,342 +0,0 @@
-# Doorkeeper::OpenidConnect
-
-This is a fork of [doorkeeper-openid_connect](https://github.com/doorkeeper-gem/doorkeeper-openid_connect) to support:
-
-- Doorkeeper version 5.8.0
-- This gem can be unvendored once [PR 213](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/213) is merged and released.
-
-[](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/actions)
-[](https://codeclimate.com/github/doorkeeper-gem/doorkeeper-openid_connect)
-[](https://rubygems.org/gems/doorkeeper-openid_connect)
-
-#### :warning: **This project is looking for maintainers, see [this issue](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/issues/89).**
-
-This library implements an [OpenID Connect](http://openid.net/connect/) authentication provider for Rails applications on top of the [Doorkeeper](https://github.com/doorkeeper-gem/doorkeeper) OAuth 2.0 framework.
-
-OpenID Connect is a single-sign-on and identity layer with a [growing list of server and client implementations](http://openid.net/developers/libraries/). If you're looking for a client in Ruby check out [omniauth_openid_connect](https://github.com/m0n9oose/omniauth_openid_connect/).
-
-## Table of Contents
-
-- [Status](#status)
- - [Known Issues](#known-issues)
- - [Example Applications](#example-applications)
-- [Installation](#installation)
-- [Configuration](#configuration)
- - [Scopes](#scopes)
- - [Claims](#claims)
- - [Routes](#routes)
- - [Nonces](#nonces)
- - [Internationalization (I18n)](#internationalization-i18n)
-- [Development](#development)
-- [License](#license)
-- [Sponsors](#sponsors)
-
-## Status
-
-The following parts of [OpenID Connect Core 1.0](http://openid.net/specs/openid-connect-core-1_0.html) are currently supported:
-
-- [Authentication using the Authorization Code Flow](http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth)
-- [Authentication using the Implicit Flow](http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth)
-- [Requesting Claims using Scope Values](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims)
-- [UserInfo Endpoint](http://openid.net/specs/openid-connect-core-1_0.html#UserInfo)
-- [Normal Claims](http://openid.net/specs/openid-connect-core-1_0.html#NormalClaims)
-- [OAuth 2.0 Form Post Response Mode](https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html)
-
-In addition we also support most of [OpenID Connect Discovery 1.0](http://openid.net/specs/openid-connect-discovery-1_0.html) for automatic configuration discovery.
-
-Take a look at the [DiscoveryController](app/controllers/doorkeeper/openid_connect/discovery_controller.rb) for more details on supported features.
-
-### Known Issues
-
-- Doorkeeper's API mode (`Doorkeeper.configuration.api_only`) is not properly supported yet
-
-### Example Applications
-
-- [GitLab](https://gitlab.com/gitlab-org/gitlab-ce) ([original MR](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/8018))
-- [Testing app for this gem](https://github.com/doorkeeper-gem/doorkeeper-openid_connect/tree/master/spec/dummy)
-
-## Installation
-
-Make sure your application is already set up with [Doorkeeper](https://github.com/doorkeeper-gem/doorkeeper#installation).
-
-Add this line to your application's `Gemfile` and run `bundle install`:
-
-```ruby
-gem 'doorkeeper-openid_connect'
-```
-
-Run the installation generator to update routes and create the initializer:
-
-```sh
-rails generate doorkeeper:openid_connect:install
-```
-
-Generate a migration for Active Record (other ORMs are currently not supported):
-
-```sh
-rails generate doorkeeper:openid_connect:migration
-rake db:migrate
-```
-
-If you're upgrading from an earlier version, check [CHANGELOG.md](CHANGELOG.md) for upgrade instructions.
-
-## Configuration
-
-Make sure you've [configured Doorkeeper](https://github.com/doorkeeper-gem/doorkeeper#configuration) before continuing.
-
-Verify your settings in `config/initializers/doorkeeper.rb`:
-
-- `resource_owner_authenticator`
- - This callback needs to returns a falsey value if the current user can't be determined:
-
- ```ruby
- resource_owner_authenticator do
- if current_user
- current_user
- else
- redirect_to(new_user_session_url)
- nil
- end
- end
- ```
-
-- `grant_flows`
- - If you want to use `id_token` or `id_token token` response types you need to add `implicit_oidc` to `grant_flows`:
-
- ```ruby
- grant_flows %w(authorization_code implicit_oidc)
- ```
-
-The following settings are required in `config/initializers/doorkeeper_openid_connect.rb`:
-
-- `issuer`
- - Identifier for the issuer of the response (i.e. your application URL). The value is a case sensitive URL using the `https` scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.
- - You can either pass a string value, or a block to generate the issuer dynamically based on the `resource_owner` and `application` or [request](app/controllers/doorkeeper/openid_connect/discovery_controller.rb#L123) passed to the block.
-- `subject`
- - Identifier for the resource owner (i.e. the authenticated user). A locally unique and never reassigned identifier within the issuer for the end-user, which is intended to be consumed by the client. The value is a case-sensitive string and must not exceed 255 ASCII characters in length.
- - The database ID of the user is an acceptable choice if you don't mind leaking that information.
- - If you want to provide a different subject identifier to each client, use [pairwise subject identifier](http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes) with configurations like below.
-
- ```ruby
- # config/initializers/doorkeeper_openid_connect.rb
- Doorkeeper::OpenidConnect.configure do
- # ...
- subject_types_supported [:pairwise]
-
- subject do |resource_owner, application|
- Digest::SHA256.hexdigest("#{resource_owner.id}#{URI.parse(application.redirect_uri).host}#{'your_secret_salt'}")
- end
- # ...
- end
- ```
-
-- `signing_key`
- - Private key to be used for [JSON Web Signature](https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31).
- - You can generate a private key with the `openssl` command, see e.g. [Generate an RSA keypair using OpenSSL](https://en.wikibooks.org/wiki/Cryptography/Generate_a_keypair_using_OpenSSL).
- - You should not commit the key to your repository, but use an external file (in combination with `File.read`) and/or the [dotenv-rails](https://github.com/bkeepers/dotenv) gem (in combination with `ENV[...]`).
-- `signing_algorithm`
- - The encryption type of the private key which defaults to `:rs256`. The list of supported algorithms can be found [here](https://github.com/nov/json-jwt/wiki/JWE#supported-algorithms)
-- `resource_owner_from_access_token`
- - Defines how to translate the Doorkeeper access token to a resource owner model.
-
-The following settings are optional, but recommended for better client compatibility:
-
-- `auth_time_from_resource_owner`
- - Returns the time of the user's last login, this can be a `Time`, `DateTime`, or any other class that responds to `to_i`
- - Required to support the `max_age` parameter and the `auth_time` claim.
-- `reauthenticate_resource_owner`
- - Defines how to trigger reauthentication for the current user (e.g. display a password prompt, or sign-out the user and redirect to the login form).
- - Required to support the `max_age` and `prompt=login` parameters.
- - The block is executed in the controller's scope, so you have access to methods like `params`, `redirect_to` etc.
-- `select_account_for_resource_owner`
- - Defines how to trigger account selection to choose the current login user.
- - Required to support the `prompt=select_account` parameter.
- - The block is executed in the controller's scope, so you have access to methods like `params`, `redirect_to` etc.
-
-The following settings are optional:
-
-- `expiration`
- - Expiration time after which the ID Token must not be accepted for processing by clients.
- - The default is 120 seconds
-
-- `protocol`
- - The protocol to use when generating URIs for the discovery endpoints.
- - The default is `https` for production, and `http` for all other environments
- - Note that the OIDC specification mandates HTTPS, so you shouldn't change this
- for production environments unless you have a really good reason!
-
-- `end_session_endpoint`
- - The URL that the user is redirected to after ending the session on the client.
- - Used by implementations like <https://github.com/IdentityModel/oidc-client-js>.
- - The block is executed in the controller's scope, so you have access to your route helpers.
-
-- `discovery_url_options`
- - The URL options for every available endpoint to use when generating the endpoint URL in the
- discovery response. Available endpoints: `authorization`, `token`, `revocation`,
- `introspection`, `userinfo`, `jwks`, `webfinger`.
- - This option requires option keys with an available endpoint and
- [URL options](https://api.rubyonrails.org/v6.0.3.3/classes/ActionDispatch/Routing/UrlFor.html#method-i-url_for)
- as value.
- - The default is to use the request host, just like all the other URLs in the discovery response.
- - This is useful when you want endpoints to use a different URL than other requests.
- For example, if your Doorkeeper server is behind a firewall with other servers, you might want
- other servers to use an "internal" URL to communicate with Doorkeeper, but you want to present
- an "external" URL to end-users for authentication requests. Note that this setting does not
- actually change the URL that your Doorkeeper server responds on - that is outside the scope of
- Doorkeeper.
-
- ```ruby
- # config/initializers/doorkeeper_openid_connect.rb
- Doorkeeper::OpenidConnect.configure do
- # ...
- discovery_url_options do |request|
- {
- authorization: { host: 'host.example.com' },
- jwks: { protocol: request.ssl? ? :https : :http }
- }
- end
- # ...
- end
- ```
-
-### Scopes
-
-To perform authentication over OpenID Connect, an OAuth client needs to request the `openid` scope. This scope needs to be enabled using either `optional_scopes` in the global Doorkeeper configuration in `config/initializers/doorkeeper.rb`, or by adding it to any OAuth application's `scope` attribute.
-
-> Note that any application defining its own scopes won't inherit the scopes defined in the initializer, so you might have to update existing applications as well.
->
-> See [Using Scopes](https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes) in the Doorkeeper wiki for more information.
-
-### Claims
-
-Claims can be defined in a `claims` block inside `config/initializers/doorkeeper_openid_connect.rb`:
-
-```ruby
-Doorkeeper::OpenidConnect.configure do
- claims do
- claim :email do |resource_owner|
- resource_owner.email
- end
-
- claim :full_name do |resource_owner|
- "#{resource_owner.first_name} #{resource_owner.last_name}"
- end
-
- claim :preferred_username, scope: :openid do |resource_owner, scopes, access_token|
- # Pass the resource_owner's preferred_username if the application has
- # `profile` scope access. Otherwise, provide a more generic alternative.
- scopes.exists?(:profile) ? resource_owner.preferred_username : "summer-sun-9449"
- end
-
- claim :groups, response: [:id_token, :user_info] do |resource_owner|
- resource_owner.groups
- end
- end
-end
-```
-
-Each claim block will be passed:
-
-- the `resource_owner`, which is the return value of `resource_owner_authenticator` in your initializer
-- the `scopes` granted by the access token, which is an instance of `Doorkeeper::OAuth::Scopes`
-- the `access_token` itself, which is an instance of `Doorkeeper::AccessToken`
-
-By default all custom claims are only returned from the `UserInfo` endpoint and not included in the ID token. You can optionally pass a `response:` keyword with one or both of the symbols `:id_token` or `:user_info` to specify where the claim should be returned.
-
-You can also pass a `scope:` keyword argument on each claim to specify which OAuth scope should be required to access the claim. If you define any of the defined [Standard Claims](http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) they will by default use their [corresponding scopes](http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) (`profile`, `email`, `address` and `phone`), and any other claims will by default use the `profile` scope. Again, to use any of these scopes you need to enable them as described above.
-
-### Routes
-
-The installation generator will update your `config/routes.rb` to define all required routes:
-
-``` ruby
-Rails.application.routes.draw do
- use_doorkeeper_openid_connect
- # your routes
-end
-```
-
-This will mount the following routes:
-
-```
-GET /oauth/userinfo
-POST /oauth/userinfo
-GET /oauth/discovery/keys
-GET /.well-known/openid-configuration
-GET /.well-known/webfinger
-```
-
-With the exception of the hard-coded `/.well-known` paths (see [RFC 5785](https://tools.ietf.org/html/rfc5785)) you can customize routes in the same way as with Doorkeeper, please refer to [this page on their wiki](https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-routes#version--05-1).
-
-### Nonces
-
-To support clients who send nonces you have to tweak Doorkeeper's authorization view so the parameter is passed on.
-
-If you don't already have custom templates, run this generator in your Rails application to add them:
-
-```sh
-rails generate doorkeeper:views
-```
-
-Then tweak the template as follows:
-
-```patch
---- i/app/views/doorkeeper/authorizations/new.html.erb
-+++ w/app/views/doorkeeper/authorizations/new.html.erb
-@@ -26,6 +26,7 @@
- <%= hidden_field_tag :state, @pre_auth.state %>
- <%= hidden_field_tag :response_type, @pre_auth.response_type %>
- <%= hidden_field_tag :scope, @pre_auth.scope %>
-+ <%= hidden_field_tag :nonce, @pre_auth.nonce %>
- <%= submit_tag t('doorkeeper.authorizations.buttons.authorize'), class: "btn btn-success btn-lg btn-block" %>
- <% end %>
- <%= form_tag oauth_authorization_path, method: :delete do %>
-@@ -34,6 +35,7 @@
- <%= hidden_field_tag :state, @pre_auth.state %>
- <%= hidden_field_tag :response_type, @pre_auth.response_type %>
- <%= hidden_field_tag :scope, @pre_auth.scope %>
-+ <%= hidden_field_tag :nonce, @pre_auth.nonce %>
- <%= submit_tag t('doorkeeper.authorizations.buttons.deny'), class: "btn btn-danger btn-lg btn-block" %>
- <% end %>
- </div>
-```
-
-### Internationalization (I18n)
-
-We use Rails locale files for error messages and scope descriptions, see [config/locales/en.yml](config/locales/en.yml). You can override these by adding them to your own translations in `config/locale`.
-
-## Development
-
-Run `bundle install` to setup all development dependencies.
-
-To run all specs:
-
-```sh
-bundle exec rake spec
-```
-
-To generate and run migrations in the test application:
-
-```sh
-bundle exec rake migrate
-```
-
-To run the local engine server:
-
-```sh
-bundle exec rake server
-```
-
-By default, the latest Rails version is used. To use a specific version run:
-
-```
-rails=4.2.0 bundle update
-```
-
-## License
-
-Doorkeeper::OpenidConnect is released under the [MIT License](http://www.opensource.org/licenses/MIT).
-
-## Sponsors
-
-Initial development of this project was sponsored by [PlayOn! Sports](https://github.com/playon).
diff --git a/vendor/gems/doorkeeper-openid_connect/Rakefile b/vendor/gems/doorkeeper-openid_connect/Rakefile
deleted file mode 100644
index a6fe1e73c4d57..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/Rakefile
+++ /dev/null
@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-ENV['RAILS_ENV'] ||= 'test'
-
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
-
-RSpec::Core::RakeTask.new
-
-task default: :spec
-task test: :spec
-
-desc 'Generate and run migrations in the test application'
-task :migrate do
- Dir.chdir('spec/dummy') do
- system('bin/rails generate doorkeeper:openid_connect:migration')
- system('bin/rake db:migrate')
- end
-end
-
-desc 'Run server in the test application'
-task :server do
- Dir.chdir('spec/dummy') do
- system('bin/rails server')
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/app/controllers/concerns/doorkeeper/openid_connect/authorizations_extension.rb b/vendor/gems/doorkeeper-openid_connect/app/controllers/concerns/doorkeeper/openid_connect/authorizations_extension.rb
deleted file mode 100644
index 6a906b7d1a762..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/app/controllers/concerns/doorkeeper/openid_connect/authorizations_extension.rb
+++ /dev/null
@@ -1,12 +0,0 @@
-module Doorkeeper
- module OpenidConnect
- module AuthorizationsExtension
- private
-
- def pre_auth_param_fields
- super.append(:nonce)
- end
- end
- end
-end
-
diff --git a/vendor/gems/doorkeeper-openid_connect/app/controllers/doorkeeper/openid_connect/discovery_controller.rb b/vendor/gems/doorkeeper-openid_connect/app/controllers/doorkeeper/openid_connect/discovery_controller.rb
deleted file mode 100644
index f834139c596a4..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/app/controllers/doorkeeper/openid_connect/discovery_controller.rb
+++ /dev/null
@@ -1,146 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- class DiscoveryController < ::Doorkeeper::ApplicationMetalController
- include Doorkeeper::Helpers::Controller
-
- WEBFINGER_RELATION = 'http://openid.net/specs/connect/1.0/issuer'
-
- def provider
- render json: provider_response
- end
-
- def webfinger
- render json: webfinger_response
- end
-
- def keys
- render json: keys_response
- end
-
- private
-
- def provider_response
- doorkeeper = ::Doorkeeper.configuration
- openid_connect = ::Doorkeeper::OpenidConnect.configuration
-
- {
- issuer: issuer,
- authorization_endpoint: oauth_authorization_url(authorization_url_options),
- token_endpoint: oauth_token_url(token_url_options),
- revocation_endpoint: oauth_revoke_url(revocation_url_options),
- introspection_endpoint: respond_to?(:oauth_introspect_url) ? oauth_introspect_url(introspection_url_options) : nil,
- userinfo_endpoint: oauth_userinfo_url(userinfo_url_options),
- jwks_uri: oauth_discovery_keys_url(jwks_url_options),
- end_session_endpoint: instance_exec(&openid_connect.end_session_endpoint),
-
- scopes_supported: doorkeeper.scopes,
-
- # TODO: support id_token response type
- response_types_supported: doorkeeper.authorization_response_types,
- response_modes_supported: response_modes_supported(doorkeeper),
- grant_types_supported: grant_types_supported(doorkeeper),
-
- # TODO: look into doorkeeper-jwt_assertion for these
- # 'client_secret_jwt',
- # 'private_key_jwt'
- token_endpoint_auth_methods_supported: %w[client_secret_basic client_secret_post],
-
- subject_types_supported: openid_connect.subject_types_supported,
-
- id_token_signing_alg_values_supported: [
- ::Doorkeeper::OpenidConnect.signing_algorithm
- ],
-
- claim_types_supported: [
- 'normal',
-
- # TODO: support these
- # 'aggregated',
- # 'distributed',
- ],
-
- claims_supported: %w[
- iss
- sub
- aud
- exp
- iat
- ] | openid_connect.claims.to_h.keys,
-
- code_challenge_methods_supported: code_challenge_methods_supported(doorkeeper),
- }.compact
- end
-
- def grant_types_supported(doorkeeper)
- grant_types_supported = doorkeeper.grant_flows.dup
- grant_types_supported << 'refresh_token' if doorkeeper.refresh_token_enabled?
- grant_types_supported
- end
-
- def response_modes_supported(doorkeeper)
- doorkeeper.authorization_response_flows.flat_map(&:response_mode_matches).uniq
- end
-
- def code_challenge_methods_supported(doorkeeper)
- return unless doorkeeper.access_grant_model.pkce_supported?
-
- %w[plain S256]
- end
-
- def webfinger_response
- {
- subject: params.require(:resource),
- links: [
- {
- rel: WEBFINGER_RELATION,
- href: root_url(webfinger_url_options),
- }
- ]
- }
- end
-
- def keys_response
- signing_key = Doorkeeper::OpenidConnect.signing_key_normalized
-
- {
- keys: [
- signing_key.merge(
- use: 'sig',
- alg: Doorkeeper::OpenidConnect.signing_algorithm
- )
- ]
- }
- end
-
- def protocol
- Doorkeeper::OpenidConnect.configuration.protocol.call
- end
-
- def discovery_url_options
- Doorkeeper::OpenidConnect.configuration.discovery_url_options.call(request)
- end
-
- def discovery_url_default_options
- {
- protocol: protocol
- }
- end
-
- def issuer
- if Doorkeeper::OpenidConnect.configuration.issuer.respond_to?(:call)
- Doorkeeper::OpenidConnect.configuration.issuer.call(request).to_s
- else
- Doorkeeper::OpenidConnect.configuration.issuer
- end
- end
-
- %i[authorization token revocation introspection userinfo jwks webfinger].each do |endpoint|
- define_method :"#{endpoint}_url_options" do
- discovery_url_default_options.merge(discovery_url_options[endpoint.to_sym] || {})
- end
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb b/vendor/gems/doorkeeper-openid_connect/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
deleted file mode 100644
index c6ace1aab2a7d..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- class UserinfoController < ::Doorkeeper::ApplicationMetalController
- before_action -> { doorkeeper_authorize! :openid }
-
- def show
- render json: Doorkeeper::OpenidConnect::UserInfo.new(doorkeeper_token), status: :ok
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/bin/console b/vendor/gems/doorkeeper-openid_connect/bin/console
deleted file mode 100755
index 8c3eaafde17c7..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/bin/console
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'bundler/setup'
-Bundler.require :default
-
-require 'doorkeeper/openid_connect'
-
-require 'pry'
-Pry.start
diff --git a/vendor/gems/doorkeeper-openid_connect/bin/setup b/vendor/gems/doorkeeper-openid_connect/bin/setup
deleted file mode 100755
index dce67d860af47..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/bin/setup
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here
diff --git a/vendor/gems/doorkeeper-openid_connect/config/locales/en.yml b/vendor/gems/doorkeeper-openid_connect/config/locales/en.yml
deleted file mode 100644
index 1bed506b2cf19..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/config/locales/en.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-en:
- doorkeeper:
- scopes:
- openid: 'Authenticate your account'
- profile: 'View your profile information'
- email: 'View your email address'
- address: 'View your physical address'
- phone: 'View your phone number'
- errors:
- messages:
- login_required: 'The authorization server requires end-user authentication'
- consent_required: 'The authorization server requires end-user consent'
- interaction_required: 'The authorization server requires end-user interaction'
- account_selection_required: 'The authorization server requires end-user account selection'
- openid_connect:
- errors:
- messages:
- # Configuration error messages
- resource_owner_from_access_token_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.resource_owner_from_access_token missing configuration.'
- auth_time_from_resource_owner_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.auth_time_from_resource_owner missing configuration.'
- reauthenticate_resource_owner_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.reauthenticate_resource_owner missing configuration.'
- select_account_for_resource_owner_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.select_account_for_resource_owner missing configuration.'
- subject_not_configured: 'ID Token generation failed due to Doorkeeper::OpenidConnect.configure.subject missing configuration.'
diff --git a/vendor/gems/doorkeeper-openid_connect/doorkeeper-openid_connect.gemspec b/vendor/gems/doorkeeper-openid_connect/doorkeeper-openid_connect.gemspec
deleted file mode 100644
index bb050b8a6b4cf..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/doorkeeper-openid_connect.gemspec
+++ /dev/null
@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-$LOAD_PATH.push File.expand_path('lib', __dir__)
-require 'doorkeeper/openid_connect/version'
-
-Gem::Specification.new do |spec|
- spec.name = 'doorkeeper-openid_connect'
- spec.version = Doorkeeper::OpenidConnect::VERSION
- spec.authors = ['Sam Dengler', 'Markus Koller', 'Nikita Bulai']
- spec.email = ['sam.dengler@playonsports.com', 'markus-koller@gmx.ch', 'bulajnikita@gmail.com']
- spec.homepage = 'https://github.com/doorkeeper-gem/doorkeeper-openid_connect'
- spec.summary = 'OpenID Connect extension for Doorkeeper.'
- spec.description = 'OpenID Connect extension for Doorkeeper.'
- spec.license = 'MIT'
-
- spec.files = Dir[
- "{app,config,lib}/**/*",
- "CHANGELOG.md",
- "LICENSE.txt",
- "README.md",
- ]
- spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
- spec.require_paths = ['lib']
-
- spec.required_ruby_version = '>= 2.7'
-
- spec.add_runtime_dependency 'doorkeeper', '>= 5.5', '< 5.9'
- spec.add_runtime_dependency 'jwt', '>= 2.5'
-
- spec.add_development_dependency 'conventional-changelog', '~> 1.2'
- spec.add_development_dependency 'factory_bot'
- spec.add_development_dependency 'pry-byebug'
- spec.add_development_dependency 'rspec-rails'
- spec.add_development_dependency 'sqlite3', '>= 1.3.6'
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/gemfiles/doorkeeper_master.gemfile b/vendor/gems/doorkeeper-openid_connect/gemfiles/doorkeeper_master.gemfile
deleted file mode 100644
index 5157472158ef6..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/gemfiles/doorkeeper_master.gemfile
+++ /dev/null
@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-gem 'rails', '~> 7.0.0'
-gem 'rails-controller-testing'
-gem 'doorkeeper', git: 'https://github.com/doorkeeper-gem/doorkeeper.git'
-
-gemspec path: '../'
diff --git a/vendor/gems/doorkeeper-openid_connect/gemfiles/rails_6.0.gemfile b/vendor/gems/doorkeeper-openid_connect/gemfiles/rails_6.0.gemfile
deleted file mode 100644
index 39898608de60e..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/gemfiles/rails_6.0.gemfile
+++ /dev/null
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-gem 'rails', '~> 6.0.0'
-gem 'rails-controller-testing'
-
-gemspec path: '../'
diff --git a/vendor/gems/doorkeeper-openid_connect/gemfiles/rails_6.1.gemfile b/vendor/gems/doorkeeper-openid_connect/gemfiles/rails_6.1.gemfile
deleted file mode 100644
index df88b047af292..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/gemfiles/rails_6.1.gemfile
+++ /dev/null
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-gem 'rails', '~> 6.1.0'
-gem 'rails-controller-testing'
-
-gemspec path: '../'
diff --git a/vendor/gems/doorkeeper-openid_connect/gemfiles/rails_7.0.gemfile b/vendor/gems/doorkeeper-openid_connect/gemfiles/rails_7.0.gemfile
deleted file mode 100644
index 4032a5772ee33..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/gemfiles/rails_7.0.gemfile
+++ /dev/null
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-gem 'rails', '~> 7.0.0'
-gem 'rails-controller-testing'
-
-gemspec path: '../'
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_request.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_request.rb
deleted file mode 100644
index e6054508cc04c..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_request.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OAuth
- class IdTokenRequest
- attr_accessor :pre_auth, :auth, :resource_owner
-
- def initialize(pre_auth, resource_owner)
- @pre_auth = pre_auth
- @resource_owner = resource_owner
- end
-
- def authorize
- @auth = Authorization::Token.new(pre_auth, resource_owner)
- if @auth.respond_to?(:issue_token!)
- @auth.issue_token!
- else
- @auth.issue_token
- end
- response
- end
-
- def deny
- pre_auth.error = :access_denied
- pre_auth.error_response
- end
-
- private
-
- def response
- id_token = Doorkeeper::OpenidConnect::IdToken.new(auth.token, pre_auth.nonce)
-
- IdTokenResponse.new(pre_auth, auth, id_token)
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_response.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_response.rb
deleted file mode 100644
index a555f2d2d60e1..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_response.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OAuth
- class IdTokenResponse < BaseResponse
- include OAuth::Helpers
-
- attr_accessor :pre_auth, :auth, :id_token
-
- def initialize(pre_auth, auth, id_token)
- @pre_auth = pre_auth
- @auth = auth
- @id_token = id_token
- end
-
- def redirectable?
- true
- end
-
- def body
- {
- expires_in: auth.token.expires_in_seconds,
- state: pre_auth.state,
- id_token: id_token.as_jws_token
- }
- end
-
- def redirect_uri
- Authorization::URIBuilder.uri_with_fragment(pre_auth.redirect_uri, body)
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_token_request.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_token_request.rb
deleted file mode 100644
index cfcfb4ee01bbd..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_token_request.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OAuth
- class IdTokenTokenRequest < IdTokenRequest
- private
-
- def response
- id_token_token = Doorkeeper::OpenidConnect::IdTokenToken.new(auth.token, pre_auth.nonce)
-
- IdTokenTokenResponse.new(pre_auth, auth, id_token_token)
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_token_response.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_token_response.rb
deleted file mode 100644
index ac212d5b5340a..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/oauth/id_token_token_response.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OAuth
- class IdTokenTokenResponse < IdTokenResponse
- def body
- super.merge({
- access_token: auth.token.token,
- token_type: auth.token.token_type
- })
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect.rb
deleted file mode 100644
index 4d0de3c3803cc..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect.rb
+++ /dev/null
@@ -1,76 +0,0 @@
-# frozen_string_literal: true
-
-require 'doorkeeper'
-require 'active_model'
-require 'jwt'
-
-require 'doorkeeper/request'
-require 'doorkeeper/request/id_token'
-require 'doorkeeper/request/id_token_token'
-require 'doorkeeper/oauth/id_token_request'
-require 'doorkeeper/oauth/id_token_token_request'
-require 'doorkeeper/oauth/id_token_response'
-require 'doorkeeper/oauth/id_token_token_response'
-
-require 'doorkeeper/openid_connect/claims_builder'
-require 'doorkeeper/openid_connect/claims/claim'
-require 'doorkeeper/openid_connect/claims/normal_claim'
-require 'doorkeeper/openid_connect/config'
-require 'doorkeeper/openid_connect/engine'
-require 'doorkeeper/openid_connect/errors'
-require 'doorkeeper/openid_connect/id_token'
-require 'doorkeeper/openid_connect/id_token_token'
-require 'doorkeeper/openid_connect/user_info'
-require 'doorkeeper/openid_connect/version'
-
-require 'doorkeeper/openid_connect/helpers/controller'
-
-require 'doorkeeper/openid_connect/oauth/authorization/code'
-require 'doorkeeper/openid_connect/oauth/authorization_code_request'
-require 'doorkeeper/openid_connect/oauth/password_access_token_request'
-require 'doorkeeper/openid_connect/oauth/pre_authorization'
-require 'doorkeeper/openid_connect/oauth/token_response'
-
-require 'doorkeeper/openid_connect/orm/active_record'
-
-require 'doorkeeper/openid_connect/rails/routes'
-
-module Doorkeeper
- module OpenidConnect
- def self.signing_algorithm
- configuration.signing_algorithm.to_s.upcase.to_sym
- end
-
- def self.signing_key
- key =
- if %i[HS256 HS384 HS512].include?(signing_algorithm)
- configuration.signing_key
- else
- OpenSSL::PKey.read(configuration.signing_key)
- end
- ::JWT::JWK.new(key, { kid_generator: ::JWT::JWK::Thumbprint })
- end
-
- def self.signing_key_normalized
- signing_key.export
- end
-
- Doorkeeper::GrantFlow.register(
- :id_token,
- response_type_matches: 'id_token',
- response_mode_matches: %w[fragment form_post],
- response_type_strategy: Doorkeeper::Request::IdToken,
- )
-
- Doorkeeper::GrantFlow.register(
- 'id_token token',
- response_type_matches: 'id_token token',
- response_mode_matches: %w[fragment form_post],
- response_type_strategy: Doorkeeper::Request::IdTokenToken,
- )
-
- Doorkeeper::GrantFlow.register_alias(
- 'implicit_oidc', as: ['implicit', 'id_token', 'id_token token']
- )
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/aggregated_claim.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/aggregated_claim.rb
deleted file mode 100644
index 98732f49a22a6..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/aggregated_claim.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module Claims
- class AggregatedClaim < Claim
- attr_accessor :jwt
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/claim.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/claim.rb
deleted file mode 100644
index a0cfa8d4f6612..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/claim.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module Claims
- class Claim
- attr_accessor :name, :response, :scope
-
- # http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
- # http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
- STANDARD_CLAIMS = {
- profile: %i[
- name family_name given_name middle_name nickname preferred_username
- profile picture website gender birthdate zoneinfo locale updated_at
- ],
- email: %i[email email_verified],
- address: %i[address],
- phone: %i[phone_number phone_number_verified],
- }.freeze
-
- def initialize(options = {})
- @name = options[:name].to_sym
- @response = Array.wrap(options[:response])
- @scope = options[:scope].to_sym if options[:scope]
-
- # use default scope for Standard Claims
- @scope ||= STANDARD_CLAIMS.find do |_scope, claims|
- claims.include? @name
- end.try(:first)
-
- # use profile scope as default fallback
- @scope ||= :profile
- end
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/distributed_claim.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/distributed_claim.rb
deleted file mode 100644
index 3a0d4f874d54e..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/distributed_claim.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module Claims
- class DistributedClaim < Claim
- attr_accessor :endpoint, :access_token
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/normal_claim.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/normal_claim.rb
deleted file mode 100644
index 16b0126655182..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims/normal_claim.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module Claims
- class NormalClaim < Claim
- attr_reader :generator
-
- def initialize(options = {})
- super(options)
- @generator = options[:generator]
- end
-
- def type
- :normal
- end
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims_builder.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims_builder.rb
deleted file mode 100644
index 69df8aaaae02e..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/claims_builder.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-
-require 'ostruct'
-
-module Doorkeeper
- module OpenidConnect
- class ClaimsBuilder
- def self.generate(access_token, response)
- resource_owner = Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(access_token)
-
- Doorkeeper::OpenidConnect.configuration.claims.to_h.map do |name, claim|
- if access_token.scopes.exists?(claim.scope) && claim.response.include?(response)
- [name, claim.generator.call(resource_owner, access_token.scopes, access_token)]
- end
- end.compact.to_h
- end
-
- def initialize(&block)
- @claims = OpenStruct.new
- instance_eval(&block)
- end
-
- def build
- @claims
- end
-
- def normal_claim(name, response: [:user_info], scope: nil, &block)
- @claims[name] =
- Claims::NormalClaim.new(
- name: name,
- response: response,
- scope: scope,
- generator: block
- )
- end
- alias claim normal_claim
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/config.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/config.rb
deleted file mode 100644
index 6ebce486d238f..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/config.rb
+++ /dev/null
@@ -1,84 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- def self.configure(&block)
- if Doorkeeper.configuration.orm != :active_record
- raise Errors::InvalidConfiguration, 'Doorkeeper OpenID Connect currently only supports the ActiveRecord ORM adapter'
- end
-
- @config = Config::Builder.new(&block).build
- end
-
- def self.configuration
- @config || (raise Errors::MissingConfiguration)
- end
-
- class Config
- class Builder
- def initialize(&block)
- @config = Config.new
- instance_eval(&block)
- end
-
- def build
- @config
- end
-
- def jws_public_key(*_args)
- puts 'DEPRECATION WARNING: `jws_public_key` is not needed anymore and will be removed in a future version, please remove it from config/initializers/doorkeeper_openid_connect.rb'
- end
-
- def jws_private_key(*args)
- puts 'DEPRECATION WARNING: `jws_private_key` has been replaced by `signing_key` and will be removed in a future version, please remove it from config/initializers/doorkeeper_openid_connect.rb'
- signing_key(*args)
- end
- end
-
- mattr_reader(:builder_class) { Config::Builder }
-
- extend ::Doorkeeper::Config::Option
-
- option :issuer
- option :signing_key
- option :signing_algorithm, default: :rs256
- option :subject_types_supported, default: [:public]
-
- option :resource_owner_from_access_token, default: lambda { |*_|
- raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.resource_owner_from_access_token_not_configured')
- }
-
- option :auth_time_from_resource_owner, default: lambda { |*_|
- raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.auth_time_from_resource_owner_not_configured')
- }
-
- option :reauthenticate_resource_owner, default: lambda { |*_|
- raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.reauthenticate_resource_owner_not_configured')
- }
-
- option :select_account_for_resource_owner, default: lambda { |*_|
- raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.select_account_for_resource_owner_not_configured')
- }
-
- option :subject, default: lambda { |*_|
- raise Errors::InvalidConfiguration, I18n.translate('doorkeeper.openid_connect.errors.messages.subject_not_configured')
- }
-
- option :expiration, default: 120
-
- option :claims, builder_class: ClaimsBuilder
-
- option :protocol, default: lambda { |*_|
- ::Rails.env.production? ? :https : :http
- }
-
- option :end_session_endpoint, default: lambda { |*_|
- nil
- }
-
- option :discovery_url_options, default: lambda { |*_|
- {}
- }
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/engine.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/engine.rb
deleted file mode 100644
index 6eb5e3ea0965c..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/engine.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- class Engine < ::Rails::Engine
- initializer 'doorkeeper.openid_connect.routes' do
- Doorkeeper::OpenidConnect::Rails::Routes.install!
- end
-
- config.to_prepare do
- Doorkeeper::AuthorizationsController.prepend Doorkeeper::OpenidConnect::AuthorizationsExtension
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/errors.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/errors.rb
deleted file mode 100644
index ca7823b24a02a..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/errors.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module Errors
- class OpenidConnectError < StandardError
- def type
- self.class.name.demodulize.underscore.to_sym
- end
- end
-
- # internal errors
- class InvalidConfiguration < OpenidConnectError; end
- class MissingConfiguration < OpenidConnectError
- def initialize
- super('Configuration for Doorkeeper OpenID Connect missing. Do you have doorkeeper_openid_connect initializer?')
- end
- end
-
- # OAuth 2.0 errors
- # https://tools.ietf.org/html/rfc6749#section-4.1.2.1
- class InvalidRequest < OpenidConnectError; end
-
- # OpenID Connect 1.0 errors
- # http://openid.net/specs/openid-connect-core-1_0.html#AuthError
- class LoginRequired < OpenidConnectError; end
- class ConsentRequired < OpenidConnectError; end
- class InteractionRequired < OpenidConnectError; end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/helpers/controller.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/helpers/controller.rb
deleted file mode 100644
index d3e8396120a04..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/helpers/controller.rb
+++ /dev/null
@@ -1,141 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module Helpers
- module Controller
- private
-
- # FIXME: remove after Doorkeeper will merge it
- def current_resource_owner
- return @current_resource_owner if defined?(@current_resource_owner)
-
- super
- end
-
- def authenticate_resource_owner!
- super.tap do |owner|
- next unless oidc_authorization_request?
-
- handle_oidc_prompt_param!(owner)
- handle_oidc_max_age_param!(owner)
- end
- rescue Errors::OpenidConnectError => e
- handle_oidc_error!(e)
- end
-
- def oidc_authorization_request?
- controller_path == Doorkeeper::Rails::Routes.mapping[:authorizations][:controllers] &&
- action_name == 'new' &&
- pre_auth.valid? &&
- pre_auth.scopes.include?('openid')
- end
-
- def handle_oidc_error!(exception)
- # clear the previous response body to avoid a DoubleRenderError
- self.response_body = nil
-
- # FIXME: workaround for Rails 5, see https://github.com/rails/rails/issues/25106
- @_response_body = nil
-
- error_response = if exception.type == :invalid_request
- ::Doorkeeper::OAuth::InvalidRequestResponse.new(
- name: exception.type,
- state: params[:state],
- redirect_uri: params[:redirect_uri],
- response_on_fragment: pre_auth.response_on_fragment?,
- )
- else
- ::Doorkeeper::OAuth::ErrorResponse.new(
- name: exception.type,
- state: params[:state],
- redirect_uri: params[:redirect_uri],
- response_on_fragment: pre_auth.response_on_fragment?,
- )
- end
-
- response.headers.merge!(error_response.headers)
-
- # NOTE: Assign error_response to @authorize_response then use redirect_or_render method that are defined at
- # doorkeeper's authorizations_controller.
- # - https://github.com/doorkeeper-gem/doorkeeper/blob/v5.5.0/app/controllers/doorkeeper/authorizations_controller.rb#L110
- # - https://github.com/doorkeeper-gem/doorkeeper/blob/v5.5.0/app/controllers/doorkeeper/authorizations_controller.rb#L52
- @authorize_response = error_response
- redirect_or_render(@authorize_response)
- end
-
- def handle_oidc_prompt_param!(owner)
- prompt_values ||= params[:prompt].to_s.split(/ +/).uniq
-
- prompt_values.each do |prompt|
- case prompt
- when 'none'
- raise Errors::InvalidRequest if (prompt_values - ['none']).any?
- raise Errors::LoginRequired unless owner
- raise Errors::ConsentRequired if oidc_consent_required?
- when 'login'
- reauthenticate_oidc_resource_owner(owner) if owner
- when 'consent'
- render :new if owner
- when 'select_account'
- select_account_for_oidc_resource_owner(owner)
- else
- raise Errors::InvalidRequest
- end
- end
- end
-
- def handle_oidc_max_age_param!(owner)
- max_age = params[:max_age].to_i
- return unless max_age > 0 && owner
-
- auth_time = instance_exec(
- owner,
- &Doorkeeper::OpenidConnect.configuration.auth_time_from_resource_owner
- )
-
- if !auth_time || (Time.zone.now - auth_time) > max_age
- reauthenticate_oidc_resource_owner(owner)
- end
- end
-
- def return_without_oidc_prompt_param(prompt_value)
- return_to = URI.parse(request.path)
- return_to.query = request.query_parameters.tap do |params|
- params['prompt'] = params['prompt'].to_s.sub(/\b#{prompt_value}\s*\b/, '').strip
- params.delete('prompt') if params['prompt'].blank?
- end.to_query
- return_to.to_s
- end
-
- def reauthenticate_oidc_resource_owner(owner)
- return_to = return_without_oidc_prompt_param('login')
-
- instance_exec(
- owner,
- return_to,
- &Doorkeeper::OpenidConnect.configuration.reauthenticate_resource_owner
- )
-
- raise Errors::LoginRequired unless performed?
- end
-
- def oidc_consent_required?
- !skip_authorization? && !matching_token?
- end
-
- def select_account_for_oidc_resource_owner(owner)
- return_to = return_without_oidc_prompt_param('select_account')
-
- instance_exec(
- owner,
- return_to,
- &Doorkeeper::OpenidConnect.configuration.select_account_for_resource_owner
- )
- end
- end
- end
- end
-
- Helpers::Controller.prepend OpenidConnect::Helpers::Controller
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/id_token.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/id_token.rb
deleted file mode 100644
index 69dfb0c92bb55..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/id_token.rb
+++ /dev/null
@@ -1,72 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- class IdToken
- include ActiveModel::Validations
-
- attr_reader :nonce
-
- def initialize(access_token, nonce = nil)
- @access_token = access_token
- @nonce = nonce
- @resource_owner = Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(access_token)
- @issued_at = Time.zone.now
- end
-
- def claims
- {
- iss: issuer,
- sub: subject,
- aud: audience,
- exp: expiration,
- iat: issued_at,
- nonce: nonce,
- auth_time: auth_time
- }.merge ClaimsBuilder.generate(@access_token, :id_token)
- end
-
- def as_json(*_)
- claims.reject { |_, value| value.nil? || value == '' }
- end
-
- def as_jws_token
- ::JWT.encode(as_json,
- Doorkeeper::OpenidConnect.signing_key.keypair,
- Doorkeeper::OpenidConnect.signing_algorithm.to_s,
- { typ: 'JWT', kid: Doorkeeper::OpenidConnect.signing_key.kid }
- ).to_s
- end
-
- private
-
- def issuer
- if Doorkeeper::OpenidConnect.configuration.issuer.respond_to?(:call)
- Doorkeeper::OpenidConnect.configuration.issuer.call(@resource_owner, @access_token.application).to_s
- else
- Doorkeeper::OpenidConnect.configuration.issuer
- end
- end
-
- def subject
- Doorkeeper::OpenidConnect.configuration.subject.call(@resource_owner, @access_token.application).to_s
- end
-
- def audience
- @access_token.application.try(:uid)
- end
-
- def expiration
- (@issued_at.utc + Doorkeeper::OpenidConnect.configuration.expiration).to_i
- end
-
- def issued_at
- @issued_at.utc.to_i
- end
-
- def auth_time
- Doorkeeper::OpenidConnect.configuration.auth_time_from_resource_owner.call(@resource_owner).try(:to_i)
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/id_token_token.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/id_token_token.rb
deleted file mode 100644
index 6e78fea88cd29..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/id_token_token.rb
+++ /dev/null
@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- class IdTokenToken < IdToken
- def claims
- super.merge(at_hash: at_hash)
- end
-
- private
-
- # The at_hash is build according to the following standard:
- #
- # http://openid.net/specs/openid-connect-implicit-1_0.html#IDToken
- #
- # at_hash:
- # REQUIRED. Access Token hash value. If the ID Token is issued with an
- # access_token in an Implicit Flow, this is REQUIRED, which is the case
- # for this subset of OpenID Connect. Its value is the base64url encoding
- # of the left-most half of the hash of the octets of the ASCII
- # representation of the access_token value, where the hash algorithm
- # used is the hash algorithm used in the alg Header Parameter of the
- # ID Token's JOSE Header. For instance, if the alg is RS256, hash the
- # access_token value with SHA-256, then take the left-most 128 bits and
- # base64url-encode them. The at_hash value is a case-sensitive string.
- def at_hash
- sha256 = Digest::SHA256.new
- token = @access_token.token
- hashed_token = sha256.digest(token)
- first_half = hashed_token[0...hashed_token.length / 2]
- Base64.urlsafe_encode64(first_half).tr('=', '')
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/authorization/code.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/authorization/code.rb
deleted file mode 100644
index f04bb0412ac90..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/authorization/code.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module OAuth
- module Authorization
- module Code
- if Doorkeeper::OAuth::Authorization::Code.method_defined?(:issue_token!)
- def issue_token!
- super.tap do |access_grant|
- create_openid_request(access_grant) if pre_auth.nonce.present?
- end
- end
-
- alias issue_token issue_token!
- else
- # FIXME: drop this after dropping support of Doorkeeper < 5.4
- def issue_token
- super.tap do |access_grant|
- create_openid_request(access_grant) if pre_auth.nonce.present?
- end
- end
- end
-
- private
-
- def create_openid_request(access_grant)
- ::Doorkeeper::OpenidConnect::Request.create!(
- access_grant: access_grant,
- nonce: pre_auth.nonce
- )
- end
- end
- end
- end
- end
-
- OAuth::Authorization::Code.prepend OpenidConnect::OAuth::Authorization::Code
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb
deleted file mode 100644
index 1044d66385071..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/authorization_code_request.rb
+++ /dev/null
@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module OAuth
- module AuthorizationCodeRequest
- private
-
- def after_successful_response
- super
-
- nonce =
- if (openid_request = grant.openid_request)
- openid_request.destroy!
- openid_request.nonce
- end
-
- id_token = Doorkeeper::OpenidConnect::IdToken.new(access_token, nonce)
- @response.id_token = id_token
- end
- end
- end
- end
-
- OAuth::AuthorizationCodeRequest.prepend OpenidConnect::OAuth::AuthorizationCodeRequest
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb
deleted file mode 100644
index 9e00f639ad89e..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/password_access_token_request.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module OAuth
- module PasswordAccessTokenRequest
- attr_reader :nonce
-
- if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.1')
- def initialize(server, client, credentials, resource_owner, parameters = {})
- super
- @nonce = parameters[:nonce]
- end
- else
- def initialize(server, client, resource_owner, parameters = {})
- super
- @nonce = parameters[:nonce]
- end
- end
-
- private
-
- def after_successful_response
- id_token = Doorkeeper::OpenidConnect::IdToken.new(access_token, nonce)
- @response.id_token = id_token
- super
- end
- end
- end
- end
-
- OAuth::PasswordAccessTokenRequest.prepend OpenidConnect::OAuth::PasswordAccessTokenRequest
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb
deleted file mode 100644
index 231f065a26836..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/pre_authorization.rb
+++ /dev/null
@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module OAuth
- module PreAuthorization
- attr_reader :nonce
-
- def initialize(server, attrs = {}, resource_owner = nil)
- super
- @nonce = attrs[:nonce]
- end
-
- # NOTE: Auto get default response_mode of specified response_type if response_mode is not
- # yet present. We can delete this method after Doorkeeper's minimize version support it.
- def response_on_fragment?
- return response_mode == 'fragment' if response_mode.present?
-
- grant_flow = server.authorization_response_flows.detect do |flow|
- flow.matches_response_type?(response_type)
- end
-
- grant_flow&.default_response_mode == 'fragment'
- end
- end
- end
- end
-
- OAuth::PreAuthorization.prepend OpenidConnect::OAuth::PreAuthorization
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/token_response.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/token_response.rb
deleted file mode 100644
index 9aa3c4139619d..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/oauth/token_response.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module OAuth
- module TokenResponse
- attr_accessor :id_token
-
- def body
- if token.includes_scope? 'openid'
- id_token = self.id_token || Doorkeeper::OpenidConnect::IdToken.new(token)
-
- super
- .merge(id_token: id_token.as_jws_token)
- .reject { |_, value| value.blank? }
- else
- super
- end
- end
- end
- end
- end
-
- OAuth::TokenResponse.prepend OpenidConnect::OAuth::TokenResponse
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record.rb
deleted file mode 100644
index e9005ab6ed946..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record.rb
+++ /dev/null
@@ -1,52 +0,0 @@
-# frozen_string_literal: true
-
-require 'active_support/lazy_load_hooks'
-
-module Doorkeeper
- module OpenidConnect
- autoload :AccessGrant, "doorkeeper/openid_connect/orm/active_record/access_grant"
- autoload :Request, "doorkeeper/openid_connect/orm/active_record/request"
-
- module Orm
- module ActiveRecord
- def run_hooks
- super
-
- if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.0')
- Doorkeeper.config.access_grant_model.prepend Doorkeeper::OpenidConnect::AccessGrant
- else
- Doorkeeper::AccessGrant.prepend Doorkeeper::OpenidConnect::AccessGrant
- end
-
- if Doorkeeper.configuration.respond_to?(:active_record_options) && Doorkeeper.configuration.active_record_options[:establish_connection]
- [Doorkeeper::OpenidConnect::Request].each do |c|
- c.send :establish_connection, Doorkeeper.configuration.active_record_options[:establish_connection]
- end
- end
- end
-
- def initialize_models!
- super
- ActiveSupport.on_load(:active_record) do
- require 'doorkeeper/openid_connect/orm/active_record/access_grant'
- require 'doorkeeper/openid_connect/orm/active_record/request'
-
- if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.0')
- Doorkeeper.config.access_grant_model.prepend Doorkeeper::OpenidConnect::AccessGrant
- else
- Doorkeeper::AccessGrant.prepend Doorkeeper::OpenidConnect::AccessGrant
- end
-
- if Doorkeeper.configuration.active_record_options[:establish_connection]
- [Doorkeeper::OpenidConnect::Request].each do |c|
- c.send :establish_connection, Doorkeeper.configuration.active_record_options[:establish_connection]
- end
- end
- end
- end
- end
- end
- end
-
- Orm::ActiveRecord.singleton_class.send :prepend, OpenidConnect::Orm::ActiveRecord
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb
deleted file mode 100644
index 3e51f45e63dd5..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record/access_grant.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module AccessGrant
- def self.prepended(base)
- base.class_eval do
- has_one :openid_request,
- class_name: 'Doorkeeper::OpenidConnect::Request',
- foreign_key: 'access_grant_id',
- inverse_of: :access_grant,
- dependent: :delete
- end
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record/request.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record/request.rb
deleted file mode 100644
index 009ba7bd752d7..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/orm/active_record/request.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- class Request < ::ActiveRecord::Base
- self.table_name = "#{table_name_prefix}oauth_openid_requests#{table_name_suffix}".to_sym
-
- validates :access_grant_id, :nonce, presence: true
-
- if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.0')
- belongs_to :access_grant,
- class_name: Doorkeeper.config.access_grant_class.to_s,
- inverse_of: :openid_request
- else
- belongs_to :access_grant,
- class_name: 'Doorkeeper::AccessGrant',
- inverse_of: :openid_request
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes.rb
deleted file mode 100644
index 2a44c27f6164a..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes.rb
+++ /dev/null
@@ -1,72 +0,0 @@
-# frozen_string_literal: true
-
-require 'doorkeeper/openid_connect/rails/routes/mapping'
-require 'doorkeeper/openid_connect/rails/routes/mapper'
-
-module Doorkeeper
- module OpenidConnect
- module Rails
- class Routes
- module Helper
- def use_doorkeeper_openid_connect(options = {}, &block)
- Doorkeeper::OpenidConnect::Rails::Routes.new(self, &block).generate_routes!(options)
- end
- end
-
- def self.install!
- ActionDispatch::Routing::Mapper.include Doorkeeper::OpenidConnect::Rails::Routes::Helper
- end
-
- attr_accessor :routes
-
- def initialize(routes, &block)
- @routes = routes
- @block = block
- end
-
- def generate_routes!(options)
- @mapping = Mapper.new.map(&@block)
- routes.scope options[:scope] || 'oauth', as: 'oauth' do
- map_route(:userinfo, :userinfo_routes)
- map_route(:discovery, :discovery_routes)
- end
-
- routes.scope as: 'oauth' do
- map_route(:discovery, :discovery_well_known_routes)
- end
- end
-
- private
-
- def map_route(name, method)
- return if @mapping.skipped?(name)
-
- mapping = @mapping[name]
-
- routes.scope controller: mapping[:controllers], as: mapping[:as] do
- send method
- end
- end
-
- def userinfo_routes
- routes.get :show, path: 'userinfo', as: ''
- routes.post :show, path: 'userinfo', as: nil
- end
-
- def discovery_routes
- routes.scope path: 'discovery' do
- routes.get :keys
- end
- end
-
- def discovery_well_known_routes
- routes.scope path: '.well-known' do
- routes.get :provider, path: 'openid-configuration'
- routes.get :provider, path: 'oauth-authorization-server'
- routes.get :webfinger
- end
- end
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes/mapper.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes/mapper.rb
deleted file mode 100644
index 1931edcc7f0f4..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes/mapper.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module Rails
- class Routes
- class Mapper
- def initialize(mapping = Mapping.new)
- @mapping = mapping
- end
-
- def map(&block)
- instance_eval(&block) if block
- @mapping
- end
-
- def controllers(controller_names = {})
- @mapping.controllers.merge!(controller_names)
- end
-
- def skip_controllers(*controller_names)
- @mapping.skips = controller_names
- end
-
- def as(alias_names = {})
- @mapping.as.merge!(alias_names)
- end
- end
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes/mapping.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes/mapping.rb
deleted file mode 100644
index 307f4045017dc..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/rails/routes/mapping.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- module Rails
- class Routes
- class Mapping
- attr_accessor :controllers, :as, :skips
-
- def initialize
- @controllers = {
- userinfo: 'doorkeeper/openid_connect/userinfo',
- discovery: 'doorkeeper/openid_connect/discovery'
- }
-
- @as = {
- userinfo: :userinfo,
- discovery: :discovery
- }
-
- @skips = []
- end
-
- def [](routes)
- {
- controllers: @controllers[routes],
- as: @as[routes]
- }
- end
-
- def skipped?(controller)
- @skips.include?(controller)
- end
- end
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/user_info.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/user_info.rb
deleted file mode 100644
index 9b82334c111ec..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/user_info.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- class UserInfo
- include ActiveModel::Validations
-
- def initialize(access_token)
- @access_token = access_token
- end
-
- def claims
- {
- sub: subject
- }.merge ClaimsBuilder.generate(@access_token, :user_info)
- end
-
- def as_json(*_)
- claims.reject { |_, value| value.nil? || value == '' }
- end
-
- private
-
- def subject
- Doorkeeper::OpenidConnect.configuration.subject.call(resource_owner, application).to_s
- end
-
- def resource_owner
- @resource_owner ||= Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token.call(@access_token)
- end
-
- def application
- @application ||= @access_token.application
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/version.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/version.rb
deleted file mode 100644
index 4a17095e367f5..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/openid_connect/version.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- VERSION = '1.8.9'
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/request/id_token.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/request/id_token.rb
deleted file mode 100644
index 1c6967001ac25..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/request/id_token.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-require 'doorkeeper/request/strategy'
-
-module Doorkeeper
- module Request
- class IdToken < Strategy
- delegate :current_resource_owner, to: :server
-
- def pre_auth
- server.context.send(:pre_auth)
- end
-
- def request
- @request ||= OAuth::IdTokenRequest.new(pre_auth, current_resource_owner)
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/request/id_token_token.rb b/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/request/id_token_token.rb
deleted file mode 100644
index 100d6a18f1ed9..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/doorkeeper/request/id_token_token.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-require 'doorkeeper/request/strategy'
-
-module Doorkeeper
- module Request
- class IdTokenToken < Strategy
- delegate :current_resource_owner, to: :server
-
- def pre_auth
- server.context.send(:pre_auth)
- end
-
- def request
- @request ||= OAuth::IdTokenTokenRequest.new(pre_auth, current_resource_owner)
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/install_generator.rb b/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/install_generator.rb
deleted file mode 100644
index 8d3a46693328f..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/install_generator.rb
+++ /dev/null
@@ -1,17 +0,0 @@
-# frozen_string_literal: true
-
-module Doorkeeper
- module OpenidConnect
- class InstallGenerator < ::Rails::Generators::Base
- include ::Rails::Generators::Migration
- source_root File.expand_path('templates', __dir__)
- desc 'Installs Doorkeeper OpenID Connect.'
-
- def install
- template 'initializer.rb', 'config/initializers/doorkeeper_openid_connect.rb'
- copy_file File.expand_path('../../../../config/locales/en.yml', __dir__), 'config/locales/doorkeeper_openid_connect.en.yml'
- route 'use_doorkeeper_openid_connect'
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/migration_generator.rb b/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/migration_generator.rb
deleted file mode 100644
index 50fecec6189dd..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/migration_generator.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails/generators/active_record'
-
-module Doorkeeper
- module OpenidConnect
- class MigrationGenerator < ::Rails::Generators::Base
- include ::Rails::Generators::Migration
- source_root File.expand_path('templates', __dir__)
- desc 'Installs Doorkeeper OpenID Connect migration file.'
-
- def install
- migration_template(
- 'migration.rb.erb',
- 'db/migrate/create_doorkeeper_openid_connect_tables.rb',
- migration_version: migration_version
- )
- end
-
- def self.next_migration_number(dirname)
- ActiveRecord::Generators::Base.next_migration_number(dirname)
- end
-
- private
-
- def migration_version
- if ActiveRecord::VERSION::MAJOR >= 5
- "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
- end
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/templates/initializer.rb b/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/templates/initializer.rb
deleted file mode 100644
index 4c322760115ab..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/templates/initializer.rb
+++ /dev/null
@@ -1,72 +0,0 @@
-# frozen_string_literal: true
-
-Doorkeeper::OpenidConnect.configure do
- issuer do |resource_owner, application|
- 'issuer string'
- end
-
- signing_key <<~KEY
- -----BEGIN RSA PRIVATE KEY-----
- ....
- -----END RSA PRIVATE KEY-----
- KEY
-
- subject_types_supported [:public]
-
- resource_owner_from_access_token do |access_token|
- # Example implementation:
- # User.find_by(id: access_token.resource_owner_id)
- end
-
- auth_time_from_resource_owner do |resource_owner|
- # Example implementation:
- # resource_owner.current_sign_in_at
- end
-
- reauthenticate_resource_owner do |resource_owner, return_to|
- # Example implementation:
- # store_location_for resource_owner, return_to
- # sign_out resource_owner
- # redirect_to new_user_session_url
- end
-
- # Depending on your configuration, a DoubleRenderError could be raised
- # if render/redirect_to is called at some point before this callback is executed.
- # To avoid the DoubleRenderError, you could add these two lines at the beginning
- # of this callback: (Reference: https://github.com/rails/rails/issues/25106)
- # self.response_body = nil
- # @_response_body = nil
- select_account_for_resource_owner do |resource_owner, return_to|
- # Example implementation:
- # store_location_for resource_owner, return_to
- # redirect_to account_select_url
- end
-
- subject do |resource_owner, application|
- # Example implementation:
- # resource_owner.id
-
- # or if you need pairwise subject identifier, implement like below:
- # Digest::SHA256.hexdigest("#{resource_owner.id}#{URI.parse(application.redirect_uri).host}#{'your_secret_salt'}")
- end
-
- # Protocol to use when generating URIs for the discovery endpoint,
- # for example if you also use HTTPS in development
- # protocol do
- # :https
- # end
-
- # Expiration time on or after which the ID Token MUST NOT be accepted for processing. (default 120 seconds).
- # expiration 600
-
- # Example claims:
- # claims do
- # normal_claim :_foo_ do |resource_owner|
- # resource_owner.foo
- # end
-
- # normal_claim :_bar_ do |resource_owner|
- # resource_owner.bar
- # end
- # end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/templates/migration.rb.erb b/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/templates/migration.rb.erb
deleted file mode 100644
index 05dac3eece504..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/lib/generators/doorkeeper/openid_connect/templates/migration.rb.erb
+++ /dev/null
@@ -1,15 +0,0 @@
-class CreateDoorkeeperOpenidConnectTables < ActiveRecord::Migration<%= migration_version %>
- def change
- create_table :oauth_openid_requests do |t|
- t.references :access_grant, null: false, index: true
- t.string :nonce, null: false
- end
-
- add_foreign_key(
- :oauth_openid_requests,
- :oauth_access_grants,
- column: :access_grant_id,
- on_delete: :cascade
- )
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/controllers/discovery_controller_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/controllers/discovery_controller_spec.rb
deleted file mode 100644
index 68a0341275da3..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/controllers/discovery_controller_spec.rb
+++ /dev/null
@@ -1,316 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::DiscoveryController, type: :controller do
- describe '#provider' do
- it 'returns the provider configuration' do
- get :provider
- data = JSON.parse(response.body)
-
- expect(data.sort).to match({
- 'issuer' => 'dummy',
- 'authorization_endpoint' => 'http://test.host/oauth/authorize',
- 'token_endpoint' => 'http://test.host/oauth/token',
- 'revocation_endpoint' => 'http://test.host/oauth/revoke',
- 'introspection_endpoint' => 'http://test.host/oauth/introspect',
- 'userinfo_endpoint' => 'http://test.host/oauth/userinfo',
- 'jwks_uri' => 'http://test.host/oauth/discovery/keys',
-
- 'scopes_supported' => ['openid'],
- 'response_types_supported' => ['code', 'token', 'id_token', 'id_token token'],
- 'response_modes_supported' => %w[query fragment form_post],
- 'grant_types_supported' => %w[authorization_code client_credentials implicit_oidc],
-
- 'token_endpoint_auth_methods_supported' => %w[client_secret_basic client_secret_post],
-
- 'subject_types_supported' => [
- 'public',
- ],
-
- 'id_token_signing_alg_values_supported' => [
- 'RS256',
- ],
-
- 'claim_types_supported' => [
- 'normal',
- ],
-
- 'claims_supported' => %w[
- iss
- sub
- aud
- exp
- iat
- name
- variable_name
- created_at
- updated_at
- token_id
- both_responses
- id_token_response
- user_info_response
- ],
-
- 'code_challenge_methods_supported' => %w[
- plain
- S256
- ],
- }.sort)
- end
-
- context 'when refresh_token grant type is enabled' do
- before { Doorkeeper.configure { use_refresh_token } }
-
- it 'add refresh_token to grant_types_supported' do
- get :provider
- data = JSON.parse(response.body)
-
- expect(data['grant_types_supported']).to eq %w[authorization_code client_credentials refresh_token]
- end
- end
-
- context 'when issuer block' do
- before { Doorkeeper::OpenidConnect.configure { issuer do |r, a| "test-issuer" end } }
-
- it 'return blocks result' do
- get :provider
- data = JSON.parse(response.body)
-
- expect(data['issuer']).to eq "test-issuer"
- end
- end
-
- context 'when grant_flows is configed with only client_credentials' do
- before { Doorkeeper.configure { grant_flows %w[client_credentials] } }
-
- it 'return empty response_modes_supported' do
- get :provider
- data = JSON.parse(response.body)
-
- expect(data['response_modes_supported']).to eq []
- end
- end
-
- context 'when grant_flows is configed only implicit flow' do
- before { Doorkeeper.configure { grant_flows %w[implicit_oidc] } }
-
- it 'return fragment and form_post as response_modes_supported' do
- get :provider
- data = JSON.parse(response.body)
-
- expect(data['response_modes_supported']).to eq %w[fragment form_post]
- end
- end
-
- context 'when grant_flows is configed with authorization_code and implicit flow' do
- before { Doorkeeper.configure { grant_flows %w[authorization_code implicit_oidc] } }
-
- it 'return query, fragment and form_post as response_modes_supported' do
- get :provider
- data = JSON.parse(response.body)
-
- expect(data['response_modes_supported']).to eq %w[query fragment form_post]
- end
- end
-
- it 'uses the protocol option for generating URLs' do
- Doorkeeper::OpenidConnect.configure do
- protocol { :testing }
- end
-
- get :provider
- data = JSON.parse(response.body)
-
- expect(data['authorization_endpoint']).to eq 'testing://test.host/oauth/authorize'
- end
-
- context 'when the discovery_url_options option is set for all endpoints' do
- before do
- Doorkeeper::OpenidConnect.configure do
- discovery_url_options do |request|
- {
- authorization: { host: 'alternate-authorization.host' },
- token: { host: 'alternate-token.host' },
- revocation: { host: 'alternate-revocation.host' },
- introspection: { host: 'alternate-introspection.host' },
- userinfo: { host: 'alternate-userinfo.host' },
- jwks: { host: 'alternate-jwks.host' }
- }
- end
- end
- end
-
- it 'uses the discovery_url_options option when generating the endpoint urls' do
- get :provider
- data = JSON.parse(response.body)
-
- expect(data['authorization_endpoint']).to eq 'http://alternate-authorization.host/oauth/authorize'
- expect(data['token_endpoint']).to eq 'http://alternate-token.host/oauth/token'
- expect(data['revocation_endpoint']).to eq 'http://alternate-revocation.host/oauth/revoke'
- expect(data['introspection_endpoint']).to eq 'http://alternate-introspection.host/oauth/introspect'
- expect(data['userinfo_endpoint']).to eq 'http://alternate-userinfo.host/oauth/userinfo'
- expect(data['jwks_uri']).to eq 'http://alternate-jwks.host/oauth/discovery/keys'
- end
- end
-
- context 'when the discovery_url_options option is only set for some endpoints' do
- before do
- Doorkeeper::OpenidConnect.configure do
- discovery_url_options do |request|
- { authorization: { host: 'alternate-authorization.host' } }
- end
- end
- end
-
- it 'does not use the discovery_url_options option when generating other URLs' do
- get :provider
- data = JSON.parse(response.body)
-
- {
- 'token_endpoint' => 'http://test.host/oauth/token',
- 'revocation_endpoint' => 'http://test.host/oauth/revoke',
- 'introspection_endpoint' => 'http://test.host/oauth/introspect',
- 'userinfo_endpoint' => 'http://test.host/oauth/userinfo',
- 'jwks_uri' => 'http://test.host/oauth/discovery/keys',
- }.each do |endpoint, expected_url|
- expect(data[endpoint]).to eq expected_url
- end
- end
- end
-
- it 'does not return an end session endpoint if none is configured' do
- get :provider
- data = JSON.parse(response.body)
-
- expect(data.key?('end_session_endpoint')).to be(false)
- end
-
- it 'uses the configured end session endpoint with self as context' do
- Doorkeeper::OpenidConnect.configure do
- end_session_endpoint -> { logout_url }
- end
-
- def controller.logout_url
- 'http://test.host/logout'
- end
-
- get :provider
- data = JSON.parse(response.body)
-
- expect(data['end_session_endpoint']).to eq 'http://test.host/logout'
- end
-
- context 'when token inspection is disallowed' do
- let(:doorkeeper_config) { Doorkeeper.config }
- let!(:allow_token_introspection) { doorkeeper_config.allow_token_introspection }
-
- before do
- allow(doorkeeper_config).to receive(:allow_token_introspection).and_return(false)
- Rails.application.reload_routes!
- end
-
- after do
- allow(doorkeeper_config).to receive(:allow_token_introspection).and_return(allow_token_introspection)
- Rails.application.reload_routes!
- end
-
- it 'does not return introspection_endpoint' do
- get :provider
- data = JSON.parse(response.body)
-
- expect(data.key?('introspection_endpoint')).to be(false)
- end
- end
- end
-
- describe '#webfinger' do
- it 'requires the resource parameter' do
- expect do
- get :webfinger
- end.to raise_error ActionController::ParameterMissing
- end
-
- it 'returns the OpenID Connect relation' do
- get :webfinger, params: { resource: 'user@example.com' }
- data = JSON.parse(response.body)
-
- expect(data.sort).to eq({
- 'subject' => 'user@example.com',
- 'links' => [
- 'rel' => 'http://openid.net/specs/connect/1.0/issuer',
- 'href' => 'http://test.host/',
- ],
- }.sort)
- end
-
- context 'when the discovery_url_options option is set for webfinger endpoint' do
- before do
- Doorkeeper::OpenidConnect.configure do
- discovery_url_options do |request|
- { webfinger: { host: 'alternate-webfinger.host' } }
- end
- end
- end
-
- it 'uses the discovery_url_options option when generating the webfinger endpoint url' do
- get :webfinger, params: { resource: 'user@example.com' }
- data = JSON.parse(response.body)
-
- expect(data['links'].first['href']).to eq 'http://alternate-webfinger.host/'
- end
- end
-
- context 'when the discovery_url_options option uses the request for an endpoint' do
- before do
- Doorkeeper::OpenidConnect.configure do
- discovery_url_options do |request|
- {
- authorization: { host: 'alternate-authorization.host',
- protocol: request.ssl? ? :https : :testing }
- }
- end
- end
- end
-
- it 'uses the discovery_url_options option when generating the webfinger endpoint url' do
- get :provider
- data = JSON.parse(response.body)
-
- expect(data['authorization_endpoint']).to eq 'testing://alternate-authorization.host/oauth/authorize'
- end
- end
- end
-
- describe '#keys' do
- subject { get :keys }
-
- shared_examples 'a key response' do |options|
- expected_parameters = options[:expected_parameters]
-
- it "includes only #{expected_parameters.join(', ')} parameters" do
- subject
- data = JSON.parse(response.body)
- key = data['keys'].first
-
- expect(key.keys.map(&:to_sym)).to match_array(expected_parameters)
- end
- end
-
- context 'when using an RSA key' do
- it_behaves_like 'a key response', expected_parameters: %i[kty kid e n use alg]
- end
-
- context 'when using an EC key' do
- before { configure_ec }
-
- it_behaves_like 'a key response', expected_parameters: %i[kty kid crv x y use alg]
- end
-
- context 'when using an HMAC key' do
- before { configure_hmac }
-
- it_behaves_like 'a key response', expected_parameters: %i[kty kid use alg]
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/controllers/doorkeeper/authorizations_controller_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/controllers/doorkeeper/authorizations_controller_spec.rb
deleted file mode 100644
index 7f1da7da590a9..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/controllers/doorkeeper/authorizations_controller_spec.rb
+++ /dev/null
@@ -1,433 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::AuthorizationsController, type: :controller do
- let(:user) { create :user }
- let(:application) { create :application, scopes: default_scopes }
- let(:default_scopes) { 'openid profile' }
- let(:token_attributes) { { application_id: application.id, resource_owner_id: user.id, scopes: default_scopes } }
-
- def authorize!(params = {})
- get :new, params: {
- response_type: 'code',
- response_mode: '',
- current_user: user.id,
- client_id: application.uid,
- scope: default_scopes,
- redirect_uri: application.redirect_uri,
- }.merge(params)
- end
-
- def build_redirect_uri(params = {}, type: 'query')
- case type
- when 'query'
- Doorkeeper::OAuth::Authorization::URIBuilder.uri_with_query(application.redirect_uri, params)
- when 'fragment'
- Doorkeeper::OAuth::Authorization::URIBuilder.uri_with_fragment(application.redirect_uri, params)
- else
- raise ArgumentError, "Unsupported uri type #{type}"
- end
- end
-
- def expect_authorization_form!
- expect(response).to be_successful
- expect(response).to render_template('doorkeeper/authorizations/new')
- end
-
- def expect_successful_callback!
- expect(response).to be_redirect
- expect(response.location).to match(/^#{Regexp.quote application.redirect_uri}\?code=[-\w]+$/)
- end
-
- describe '#authenticate_resource_owner!' do
- it 'redirects to login form when not logged in' do
- authorize! current_user: nil
-
- expect(response).to redirect_to '/login'
- end
-
- context 'with OIDC requests' do
- before do
- expect(controller).to receive(:handle_oidc_prompt_param!)
- expect(controller).to receive(:handle_oidc_max_age_param!)
- end
-
- it 'renders the authorization form if logged in' do
- authorize!
-
- expect_authorization_form!
- end
- end
-
- context 'with non-OIDC requests' do
- before do
- expect(controller).not_to receive(:handle_oidc_prompt_param!)
- expect(controller).not_to receive(:handle_oidc_max_age_param!)
- end
-
- it 'when action is not :new' do
- get :show, params: {
- response_type: 'code',
- current_user: user.id,
- client_id: application.uid,
- scope: default_scopes,
- redirect_uri: application.redirect_uri,
- }
-
- expect(response).to render_template('doorkeeper/authorizations/show')
- end
-
- context 'when pre_authorization is invalid' do
- it 'render error when client_id is missing' do
- authorize!(client_id: nil)
-
- expect(response).to be_successful
- expect(response).to render_template('doorkeeper/authorizations/error')
- end
-
- it 'render error when response_type is missing' do
- authorize!(response_type: nil)
-
- expect(response).to be_successful
- expect(response).to render_template('doorkeeper/authorizations/error')
- end
- end
-
- it 'when openid scope is not present' do
- authorize!(scope: 'profile')
-
- expect_authorization_form!
- end
- end
- end
-
- describe '#handle_oidc_prompt_param!' do
- it 'is ignored when the openid scope is not present' do
- authorize! scope: 'profile', prompt: 'invalid'
-
- expect_authorization_form!
- end
-
- context 'with a prompt=none parameter' do
- context 'and a matching token' do
- before do
- create :access_token, token_attributes
- end
-
- it 'redirects to the callback if logged in' do
- authorize! prompt: 'none'
-
- expect_successful_callback!
- end
-
- context 'when another prompt value is present' do
- let(:error_params) do
- {
- 'error' => 'invalid_request',
- 'error_description' => 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.',
- }
- end
- let(:request_param) { { prompt: 'none login' } }
-
- it 'redirect as the query uri with an invalid_request error' do
- authorize! request_param
-
- expect(response).to redirect_to build_redirect_uri(error_params)
- end
-
- it 'redirect as the fragment style uri when response_type is implicit flow request' do
- allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(['implicit_oidc'])
-
- authorize! request_param.merge(response_type: 'id_token token')
-
- expect(response).to redirect_to build_redirect_uri(error_params, type: 'fragment')
- end
-
- it 'set @authorize_response variable and render form_post template and when the form_post response_mode is specified' do
- allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(['implicit_oidc'])
-
- authorize! request_param.merge(response_type: 'id_token token', response_mode: 'form_post')
-
- authorize_response = controller.instance_variable_get :@authorize_response
- expect(authorize_response.body.to_json).to eq(error_params.to_json)
- expect(response).to render_template(:form_post)
- end
- end
-
- context 'when not logged in' do
- let(:error_params) do
- {
- 'error' => 'login_required',
- 'error_description' => 'The authorization server requires end-user authentication',
- 'state' => 'somestate',
- }
- end
- let(:request_param) { { current_user: nil } }
-
- it 'returns a login_required error' do
- authorize! request_param.merge(prompt: 'none', state: 'somestate')
-
- expect(response).to redirect_to build_redirect_uri(error_params)
- end
-
- it 'redirect as the fragment style uri when response_type is implicit flow request' do
- allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(['implicit_oidc'])
-
- authorize! request_param.merge(response_type: 'id_token token', prompt: 'none', state: 'somestate')
-
- expect(response).to redirect_to build_redirect_uri(error_params, type: 'fragment')
- end
-
- it 'set @authorize_response variable and render form_post template and when the form_post response_mode is specified' do
- allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(['implicit_oidc'])
-
- authorize! request_param.merge(response_type: 'id_token token', response_mode: 'form_post', prompt: 'none', state: 'somestate')
-
- authorize_response = controller.instance_variable_get :@authorize_response
- expect(authorize_response.body.to_json).to eq(error_params.to_json)
- expect(response).to render_template(:form_post)
- end
- end
- end
-
- context 'and no matching token' do
- it 'redirects to the callback if skip_authorization is set to true' do
- allow(controller).to receive(:skip_authorization?).and_return(true)
-
- authorize! prompt: 'none'
- expect_successful_callback!
- end
-
- context 'when not logged in' do
- let(:error_params) do
- {
- 'error' => 'login_required',
- 'error_description' => 'The authorization server requires end-user authentication',
- 'state' => 'somestate',
- }
- end
- let(:request_param) { { current_user: nil } }
-
- it 'returns the login_required error when not logged in' do
- authorize! request_param.merge(prompt: 'none', state: 'somestate')
-
- expect(response).to redirect_to build_redirect_uri(error_params)
- end
-
- it 'uses the fragment style uris when redirecting an error for implicit flow request' do
- allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(['implicit_oidc'])
-
- authorize! request_param.merge(response_type: 'id_token token', prompt: 'none', state: 'somestate')
-
- expect(response).to redirect_to build_redirect_uri(error_params, type: 'fragment')
- end
-
- it 'set @authorize_response variable and render form_post template and when the form_post response_mode is specified' do
- allow(Doorkeeper.configuration).to receive(:grant_flows).and_return(['implicit_oidc'])
-
- authorize! request_param.merge(response_type: 'id_token token', response_mode: 'form_post', prompt: 'none', state: 'somestate')
-
- authorize_response = controller.instance_variable_get :@authorize_response
- expect(authorize_response.body.to_json).to eq(error_params.to_json)
- expect(response).to render_template(:form_post)
- end
- end
-
- it 'returns a consent_required error when logged in' do
- authorize! prompt: 'none'
-
- error_params = {
- 'error' => 'consent_required',
- 'error_description' => 'The authorization server requires end-user consent',
- }
-
- expect(response).to redirect_to build_redirect_uri(error_params)
- end
- end
- end
-
- context 'with a prompt=login parameter' do
- it 'redirects to the sign in form if not logged in' do
- authorize! prompt: 'login', current_user: nil
-
- expect(response).to redirect_to('/login')
- end
-
- it 'reauthenticates the user if logged in' do
- authorize! prompt: 'login'
-
- expect(response).to redirect_to('/reauthenticate')
- end
- end
-
- context 'with a prompt=consent parameter' do
- it 'redirects to the sign in form if not logged in' do
- authorize! prompt: 'consent', current_user: nil
-
- expect(response).to redirect_to('/login')
- end
-
- it 'renders the authorization form even if a matching token is present' do
- create :access_token, token_attributes
- authorize! prompt: 'consent'
-
- expect_authorization_form!
- end
- end
-
- context 'with a prompt=select_account parameter' do
- it 'redirects to the select account screen' do
- authorize! prompt: 'select_account'
-
- expect(response).to redirect_to('/select_account')
- end
- end
-
- context 'with an unknown prompt parameter' do
- it 'returns an invalid_request error' do
- authorize! prompt: 'maybe'
-
- error_params = {
- 'error' => 'invalid_request',
- 'error_description' => 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.',
- }
-
- expect(response).to redirect_to build_redirect_uri(error_params)
- end
-
- it 'does not redirect to an invalid redirect_uri' do
- authorize! prompt: 'maybe', redirect_uri: 'https://evilapp.com'
-
- expect(response).not_to be_redirect
- end
- end
- end
-
- describe '#handle_oidc_max_age_param!' do
- context 'with an invalid max_age parameter' do
- it 'renders the authorization form' do
- %w[0 -1 -23 foobar].each do |max_age|
- authorize! max_age: max_age
-
- expect_authorization_form!
- end
- end
- end
-
- context 'with a max_age=10 parameter' do
- it 'renders the authorization form if the users last login was within 10 seconds' do
- user.update! current_sign_in_at: 5.seconds.ago
- authorize! max_age: 10
-
- expect_authorization_form!
- end
-
- it 'reauthenticates the user if the last login was longer than 10 seconds ago' do
- user.update! current_sign_in_at: 5.minutes.ago
- authorize! max_age: 10
-
- expect(response).to redirect_to '/reauthenticate'
- end
-
- it 'reauthenticates the user if the last login is unknown' do
- user.update! current_sign_in_at: nil
- authorize! max_age: 10
-
- expect(response).to redirect_to '/reauthenticate'
- end
- end
- end
-
- describe '#reauthenticate_oidc_resource_owner' do
- let(:performed) { true }
-
- before do
- allow(subject).to receive(:performed?) { performed }
- allow(subject.request).to receive(:path).and_return('/oauth/authorize')
- allow(subject.request).to receive(:query_parameters) {
- { client_id: 'foo', prompt: 'login consent select_account' }.with_indifferent_access
- }
- end
-
- def reauthenticate!
- passed_args = nil
-
- Doorkeeper::OpenidConnect.configure do
- reauthenticate_resource_owner do |*args|
- passed_args = args
- end
- end
-
- subject.send :reauthenticate_oidc_resource_owner, user
- passed_args
- end
-
- it 'calls reauthenticate_resource_owner with the current user and the return path' do
- resource_owner, return_to = reauthenticate!
-
- expect(resource_owner).to eq user
- expect(return_to).to eq '/oauth/authorize?client_id=foo&prompt=consent+select_account'
- end
-
- it 'removes login from the prompt parameter and keeps other values' do
- _, return_to = reauthenticate!
- return_params = Rack::Utils.parse_query(URI.parse(return_to).query)
-
- expect(return_params['prompt']).to eq 'consent select_account'
- end
-
- context 'with a reauthenticator that does not generate a response' do
- let(:performed) { false }
-
- it 'raises a login_required error' do
- expect do
- reauthenticate!
- end.to raise_error(Doorkeeper::OpenidConnect::Errors::LoginRequired)
- end
- end
- end
-
- describe '#select_account_for_resource_owner' do
- before do
- allow(subject.request).to receive(:path).and_return('/oauth/authorize')
- allow(subject.request).to receive(:query_parameters) {
- { client_id: 'foo', prompt: 'login consent select_account' }.with_indifferent_access
- }
- end
-
- def select_account!
- passed_args = nil
-
- Doorkeeper::OpenidConnect.configure do
- select_account_for_resource_owner do |*args|
- passed_args = args
- end
- end
-
- subject.send :select_account_for_oidc_resource_owner, user
- passed_args
- end
-
- it 'calls select_account_for_resource_owner with the current user and the return path' do
- resource_owner, return_to = select_account!
-
- expect(resource_owner).to eq user
- expect(return_to).to eq '/oauth/authorize?client_id=foo&prompt=login+consent'
- end
-
- it 'removes select_account from the prompt parameter and keeps other values' do
- _, return_to = select_account!
- return_params = Rack::Utils.parse_query(URI.parse(return_to).query)
-
- expect(return_params['prompt']).to eq 'login consent'
- end
- end
-
- describe '#pre_auth' do
- it 'permits nonce parameter' do
- authorize! nonce: '123456'
- expect(assigns(:pre_auth).nonce).to eq '123456'
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/controllers/doorkeeper/authorized_applications_controller_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/controllers/doorkeeper/authorized_applications_controller_spec.rb
deleted file mode 100644
index f5e43afc519d8..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/controllers/doorkeeper/authorized_applications_controller_spec.rb
+++ /dev/null
@@ -1,15 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::AuthorizedApplicationsController, type: :controller do
- let(:access_token) { create :access_token }
-
- describe '#index' do
- it 'does not run the extended #authenticate_resource_owner!' do
- expect do
- get :index
- end.not_to raise_error
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/controllers/userinfo_controller_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/controllers/userinfo_controller_spec.rb
deleted file mode 100644
index ba7007ae5c163..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/controllers/userinfo_controller_spec.rb
+++ /dev/null
@@ -1,65 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::UserinfoController, type: :controller do
- let(:client) { create :application }
- let(:user) { create :user, name: 'Joe' }
- let(:token) { create :access_token, application: client, resource_owner_id: user.id }
-
- describe '#show' do
- context 'with a valid access token authorized for the openid scope' do
- let(:token) { create :access_token, application: client, resource_owner_id: user.id, scopes: 'openid' }
-
- it 'returns the basic user information as JSON' do
- get :show, params: { access_token: token.token }
-
- expect(response.status).to eq 200
- expect(JSON.parse(response.body)).to eq({
- 'sub' => user.id.to_s,
- 'variable_name' => 'openid-name',
- 'created_at' => user.created_at.to_i,
- 'token_id' => token.id,
- 'both_responses' => 'both',
- 'user_info_response' => 'user_info',
- })
- end
- end
-
- context 'with a valid access token authorized for the openid and profile scopes' do
- let(:token) { create :access_token, application: client, resource_owner_id: user.id, scopes: 'openid profile' }
-
- it 'returns the full user information as JSON' do
- get :show, params: { access_token: token.token }
-
- expect(response.status).to eq 200
- expect(JSON.parse(response.body)).to eq({
- 'sub' => user.id.to_s,
- 'name' => 'Joe',
- 'variable_name' => 'profile-name',
- 'created_at' => user.created_at.to_i,
- 'updated_at' => user.updated_at.to_i,
- 'token_id' => token.id,
- 'both_responses' => 'both',
- 'user_info_response' => 'user_info',
- })
- end
- end
-
- context 'with a valid access token not authorized for the openid scope' do
- it 'returns an error' do
- get :show, params: { access_token: token.token }
-
- expect(response.status).to eq 403
- end
- end
-
- context 'without a valid access token' do
- it 'returns an error' do
- get :show, params: { access_token: 'foobar' }
-
- expect(response.status).to eq 401
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/Rakefile b/vendor/gems/doorkeeper-openid_connect/spec/dummy/Rakefile
deleted file mode 100644
index 488c551fee2cd..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/Rakefile
+++ /dev/null
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-# Add your own tasks in files placed in lib/tasks ending in .rake,
-# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
-
-require_relative 'config/application'
-
-Rails.application.load_tasks
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/config/manifest.js b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/config/manifest.js
deleted file mode 100644
index bb109908b29eb..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/config/manifest.js
+++ /dev/null
@@ -1,3 +0,0 @@
-
-//= link_tree ../images
-//= link_directory ../stylesheets .css
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/images/.keep b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/images/.keep
deleted file mode 100644
index e69de29bb2d1d..0000000000000
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/javascripts/application.js b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/javascripts/application.js
deleted file mode 100644
index e54c6461cc303..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/javascripts/application.js
+++ /dev/null
@@ -1,13 +0,0 @@
-// This is a manifest file that'll be compiled into application.js, which will include all the files
-// listed below.
-//
-// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
-// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
-//
-// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
-// compiled file. JavaScript code in this file should be added after the last require_* statement.
-//
-// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
-// about supported directives.
-//
-//= require_tree .
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/stylesheets/application.css b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/stylesheets/application.css
deleted file mode 100644
index 0ebd7fe8299eb..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/assets/stylesheets/application.css
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * This is a manifest file that'll be compiled into application.css, which will include all the files
- * listed below.
- *
- * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
- * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
- *
- * You're free to add application-wide styles to this file and they'll appear at the bottom of the
- * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
- * files in this directory. Styles in this file should be added after the last require_* statement.
- * It is generally better to create a new file per style scope.
- *
- *= require_tree .
- *= require_self
- */
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/channels/application_cable/channel.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/channels/application_cable/channel.rb
deleted file mode 100644
index 9aec2305390f8..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/channels/application_cable/channel.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-module ApplicationCable
- class Channel < ActionCable::Channel::Base
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/channels/application_cable/connection.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/channels/application_cable/connection.rb
deleted file mode 100644
index 8d6c2a1bf4bbe..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/channels/application_cable/connection.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-module ApplicationCable
- class Connection < ActionCable::Connection::Base
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/controllers/application_controller.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/controllers/application_controller.rb
deleted file mode 100644
index 280cc28ce21a0..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/controllers/application_controller.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-class ApplicationController < ActionController::Base
- protect_from_forgery with: :exception
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/controllers/concerns/.keep b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/controllers/concerns/.keep
deleted file mode 100644
index e69de29bb2d1d..0000000000000
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/helpers/application_helper.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/helpers/application_helper.rb
deleted file mode 100644
index 15b06f0f67929..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/helpers/application_helper.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-module ApplicationHelper
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/jobs/application_job.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/jobs/application_job.rb
deleted file mode 100644
index d92ffddcb5288..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/jobs/application_job.rb
+++ /dev/null
@@ -1,4 +0,0 @@
-# frozen_string_literal: true
-
-class ApplicationJob < ActiveJob::Base
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/mailers/application_mailer.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/mailers/application_mailer.rb
deleted file mode 100644
index d84cb6e71e954..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/mailers/application_mailer.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-class ApplicationMailer < ActionMailer::Base
- default from: 'from@example.com'
- layout 'mailer'
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/models/application_record.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/models/application_record.rb
deleted file mode 100644
index 71fbba5b32873..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/models/application_record.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-# frozen_string_literal: true
-
-class ApplicationRecord < ActiveRecord::Base
- self.abstract_class = true
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/models/concerns/.keep b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/models/concerns/.keep
deleted file mode 100644
index e69de29bb2d1d..0000000000000
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/models/user.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/models/user.rb
deleted file mode 100644
index 53124f5cce8ce..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/app/models/user.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-class User < ActiveRecord::Base
- def self.authenticate!(name, password)
- User.where(name: name, password: password).first
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/bundle b/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/bundle
deleted file mode 100755
index 2dbb71769eb04..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/bundle
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
-load Gem.bin_path('bundler', 'bundle')
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/rails b/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/rails
deleted file mode 100755
index a31728ab9778f..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/rails
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-APP_PATH = File.expand_path('../config/application', __dir__)
-require_relative '../config/boot'
-require 'rails/commands'
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/rake b/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/rake
deleted file mode 100755
index c199955006061..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/rake
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require_relative '../config/boot'
-require 'rake'
-Rake.application.run
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/setup b/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/setup
deleted file mode 100755
index 31400462308ca..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/setup
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'pathname'
-require 'fileutils'
-include FileUtils
-
-# path to your application root.
-APP_ROOT = Pathname.new File.expand_path('..', __dir__)
-
-def system!(*args)
- system(*args) || abort("\n== Command #{args} failed ==")
-end
-
-chdir APP_ROOT do
- # This script is a starting point to setup your application.
- # Add necessary setup steps to this file.
-
- puts '== Installing dependencies =='
- system! 'gem install bundler --conservative'
- system('bundle check') || system!('bundle install')
-
- # puts "\n== Copying sample files =="
- # unless File.exist?('config/database.yml')
- # cp 'config/database.yml.sample', 'config/database.yml'
- # end
-
- puts "\n== Preparing database =="
- system! 'bin/rails db:setup'
-
- puts "\n== Removing old logs and tempfiles =="
- system! 'bin/rails log:clear tmp:clear'
-
- puts "\n== Restarting application server =="
- system! 'bin/rails restart'
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/update b/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/update
deleted file mode 100755
index 1d6aa6a5c935e..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/bin/update
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'pathname'
-require 'fileutils'
-include FileUtils
-
-# path to your application root.
-APP_ROOT = Pathname.new File.expand_path('..', __dir__)
-
-def system!(*args)
- system(*args) || abort("\n== Command #{args} failed ==")
-end
-
-chdir APP_ROOT do
- # This script is a way to update your development environment automatically.
- # Add necessary update steps to this file.
-
- puts '== Installing dependencies =='
- system! 'gem install bundler --conservative'
- system('bundle check') || system!('bundle install')
-
- puts "\n== Updating database =="
- system! 'bin/rails db:migrate'
-
- puts "\n== Removing old logs and tempfiles =="
- system! 'bin/rails log:clear tmp:clear'
-
- puts "\n== Restarting application server =="
- system! 'bin/rails restart'
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config.ru b/vendor/gems/doorkeeper-openid_connect/spec/dummy/config.ru
deleted file mode 100644
index 842bccc3402da..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config.ru
+++ /dev/null
@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-# This file is used by Rack-based servers to start the application.
-
-require_relative 'config/environment'
-
-run Rails.application
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/application.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/application.rb
deleted file mode 100644
index f56092cf5d4fc..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/application.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-require_relative 'boot'
-
-# Pick the frameworks you want:
-require "active_record/railtie"
-require "action_controller/railtie"
-require "action_view/railtie"
-
-Bundler.require(*Rails.groups)
-
-module Dummy
- class Application < Rails::Application
- # Settings in config/environments/* take precedence over those specified here.
- # Application configuration should go into files in config/initializers
- # -- all .rb files in that directory are automatically loaded.
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/boot.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/boot.rb
deleted file mode 100644
index c9aef85d4041f..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/boot.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-# Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __dir__)
-
-require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
-$LOAD_PATH.unshift File.expand_path('../../../lib', __dir__)
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/database.yml b/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/database.yml
deleted file mode 100644
index 5403ee52818c4..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/database.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-# SQLite version 3.x
-# gem install sqlite3
-#
-# Ensure the SQLite 3 gem is defined in your Gemfile
-# gem 'sqlite3'
-#
-development:
- adapter: sqlite3
- pool: 5
- timeout: 5000
- database: db/development.sqlite3
-
-# Warning: The database defined as "test" will be erased and
-# re-generated from your development database when you run "rake".
-# Do not set this db to the same as development or production.
-test:
- adapter: sqlite3
- pool: 5
- timeout: 5000
- database: db/test.sqlite3
-
-production:
- adapter: sqlite3
- pool: 5
- timeout: 5000
- database: db/production.sqlite3
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/environment.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/environment.rb
deleted file mode 100644
index 426333bb46978..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/environment.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-# Load the Rails application.
-require_relative 'application'
-
-# Initialize the Rails application.
-Rails.application.initialize!
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/environments/test.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/environments/test.rb
deleted file mode 100644
index 1df1a5931abab..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/environments/test.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-Rails.application.configure do
- # Settings specified here will take precedence over those in config/application.rb.
-
- # The test environment is used exclusively to run your application's
- # test suite. You never need to work with it otherwise. Remember that
- # your test database is "scratch space" for the test suite and is wiped
- # and recreated between test runs. Don't rely on the data there!
- config.cache_classes = true
-
- # Do not eager load code on boot. This avoids loading your whole application
- # just for the purpose of running a single test. If you are using a tool that
- # preloads Rails for running tests, you may have to set it to true.
- config.eager_load = false
-
- # Show full error reports and disable caching.
- config.consider_all_requests_local = true
- config.action_controller.perform_caching = false
-
- # Raise exceptions instead of rendering exception templates.
- config.action_dispatch.show_exceptions = false
-
- # Disable request forgery protection in test environment.
- config.action_controller.allow_forgery_protection = false
-
- # Print deprecation notices to the stderr.
- config.active_support.deprecation = :stderr
-
- # Raises error for missing translations
- # config.action_view.raise_on_missing_translations = true
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/initializers/doorkeeper.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/initializers/doorkeeper.rb
deleted file mode 100644
index a41b1222231a2..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/initializers/doorkeeper.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-Doorkeeper.configure do
- optional_scopes :openid
-
- resource_owner_authenticator do
- if params[:current_user].present?
- User.find(params[:current_user])
- else
- redirect_to('/login')
- nil
- end
- end
-
- grant_flows %w[authorization_code client_credentials implicit_oidc]
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/initializers/doorkeeper_openid_connect.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/initializers/doorkeeper_openid_connect.rb
deleted file mode 100644
index a381972947918..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/initializers/doorkeeper_openid_connect.rb
+++ /dev/null
@@ -1,83 +0,0 @@
-# frozen_string_literal: true
-
-Doorkeeper::OpenidConnect.configure do
- issuer 'dummy'
-
- signing_key <<~EOL
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpgIBAAKCAQEAsjdnSA6UWUQQHf6BLIkIEUhMRNBJC1NN/pFt1EJmEiI88GS0
- ceROO5B5Ooo9Y3QOWJ/n+u1uwTHBz0HCTN4wgArWd1TcqB5GQzQRP4eYnWyPfi4C
- feqAHzQp+v4VwbcK0LW4FqtW5D0dtrFtI281FDxLhARzkhU2y7fuYhL8fVw5rUhE
- 8uwvHRZ5CEZyxf7BSHxIvOZAAymhuzNLATt2DGkDInU1BmF75tEtBJAVLzWG/j4L
- PZh1EpSdfezqaXQlcy9PJi916UzTl0P7Yy+ulOdUsMlB6yo8qKTY1+AbZ5jzneHb
- GDU/O8QjYvii1WDmJ60t0jXicmOkGrOhruOptwIDAQABAoIBAQChYNwMeu9IugJi
- NsEf4+JDTBWMRpOuRrwcpfIvQAUPrKNEB90COPvCoju0j9OxCDmpdPtq1K/zD6xx
- khlw485FVAsKufSp4+g6GJ75yT6gZtq1JtKo1L06BFFzb7uh069eeP7+wB6JxPHw
- KlAqwxvsfADhxeolQUKCTMb3Vjv/Aw2cO/nn6RAOeftw2aDmFy8Xl+oTUtSxyib0
- YCdU9cK8MxsxDdmowwHp04xRTm/wfG5hLEn7HMz1PP86iP9BiFsCqTId9dxEUTS1
- K+VAt9FbxRAq5JlBocxUMHNxLigb94Ca2FOMR7F6l/tronLfHD801YoObF0fN9qW
- Cgw4aTO5AoGBAOR79hiZVM7/l1cBid7hKSeMWKUZ/nrwJsVfNpu1H9xt9uDu+79U
- mcGfM7pm7L2qCNGg7eeWBHq2CVg/XQacRNtcTlomFrw4tDXUkFN1hE56t1iaTs9m
- dN9IDr6jFgf6UaoOxxoPT9Q1ZtO46l043Nzrkoz8cBEBaBY20bUDwCYjAoGBAMet
- tt1ImGF1cx153KbOfjl8v54VYUVkmRNZTa1E821nL/EMpoONSqJmRVsX7grLyPL1
- QyZe245NOvn63YM0ng0rn2osoKsMVJwYBEYjHL61iF6dPtW5p8FIs7auRnC3NrG0
- XxHATZ4xhHD0iIn14iXh0XIhUVk+nGktHU1gbmVdAoGBANniwKdqqS6RHKBTDkgm
- Dhnxw6MGa+CO3VpA1xGboxuRHeoY3KfzpIC5MhojBsZDvQ8zWUwMio7+w2CNZEfm
- g99wYiOjyPCLXocrAssj+Rzh97AdzuQHf5Jh4/W2Dk9jTbdPSl02ltj2Z+2lnJFz
- pWNjnqimHrSI09rDQi5NulJjAoGBAImquujVpDmNQFCSNA7NTzlTSMk09FtjgCZW
- 67cKUsqa2fLXRfZs84gD+s1TMks/NMxNTH6n57e0h3TSAOb04AM0kDQjkKJdXfhA
- lrHEg4z4m4yf3TJ9Tat09HJ+tRIBPzRFp0YVz23Btg4qifiUDdcQWdbWIb/l6vCY
- qhsu4O4BAoGBANbceYSDYRdT7a5QjJGibkC90Z3vFe4rDTBgZWg7xG0cpSU4JNg7
- SFR3PjWQyCg7aGGXiooCM38YQruACTj0IFub24MFRA4ZTXvrACvpsVokJlQiG0Z4
- tuQKYki41JvYqPobcq/rLE/AM7PKJftW35nqFuj0MrsUwPacaVwKBf5J
- -----END RSA PRIVATE KEY-----
- EOL
-
- subject_types_supported [:public]
-
- resource_owner_from_access_token do |access_token|
- User.find_by(id: access_token.resource_owner_id)
- end
-
- auth_time_from_resource_owner do |resource_owner|
- resource_owner.current_sign_in_at
- end
-
- reauthenticate_resource_owner do |_resource_owner, _return_to|
- redirect_to '/reauthenticate'
- end
-
- select_account_for_resource_owner do |_resource_owner, _return_to|
- redirect_to '/select_account'
- end
-
- subject do |resource_owner|
- resource_owner.id
- end
-
- claims do
- claim :name do |user|
- user.name
- end
-
- claim :variable_name, scope: :openid do |user, scopes|
- scopes.exists?(:profile) ? 'profile-name' : 'openid-name'
- end
-
- claim :created_at, scope: :openid do |user|
- user.created_at.to_i
- end
-
- claim :updated_at do |user|
- user.updated_at.to_i
- end
-
- claim :token_id, scope: :openid do |user, scopes, token|
- token.id
- end
-
- claim(:both_responses, scope: :openid, response: [:id_token, :user_info]) { 'both' }
- claim(:id_token_response, scope: :openid, response: [:id_token]) { 'id_token' }
- claim(:user_info_response, scope: :openid, response: :user_info) { 'user_info' }
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/locales/doorkeeper_openid_connect.en.yml b/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/locales/doorkeeper_openid_connect.en.yml
deleted file mode 100644
index 1bed506b2cf19..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/locales/doorkeeper_openid_connect.en.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-en:
- doorkeeper:
- scopes:
- openid: 'Authenticate your account'
- profile: 'View your profile information'
- email: 'View your email address'
- address: 'View your physical address'
- phone: 'View your phone number'
- errors:
- messages:
- login_required: 'The authorization server requires end-user authentication'
- consent_required: 'The authorization server requires end-user consent'
- interaction_required: 'The authorization server requires end-user interaction'
- account_selection_required: 'The authorization server requires end-user account selection'
- openid_connect:
- errors:
- messages:
- # Configuration error messages
- resource_owner_from_access_token_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.resource_owner_from_access_token missing configuration.'
- auth_time_from_resource_owner_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.auth_time_from_resource_owner missing configuration.'
- reauthenticate_resource_owner_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.reauthenticate_resource_owner missing configuration.'
- select_account_for_resource_owner_not_configured: 'Failure due to Doorkeeper::OpenidConnect.configure.select_account_for_resource_owner missing configuration.'
- subject_not_configured: 'ID Token generation failed due to Doorkeeper::OpenidConnect.configure.subject missing configuration.'
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/routes.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/routes.rb
deleted file mode 100644
index e182346eb5312..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/routes.rb
+++ /dev/null
@@ -1,6 +0,0 @@
-Rails.application.routes.draw do
- use_doorkeeper
- use_doorkeeper_openid_connect
-
- root 'dummy#index'
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/secrets.yml b/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/secrets.yml
deleted file mode 100644
index 77b0f4db7a467..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/config/secrets.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key is used for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-# You can use `rails secret` to generate a secure secret key.
-
-# Make sure the secrets in this file are kept private
-# if you're sharing your code publicly.
-
-development:
- secret_key_base: 047f8d91118b6fad743ccac15928b306d1880d9d104377eb1f7aeed909ce852c0a214074742163a6e0bc814482c8cdeae470c5edfc75eee37c8da6ccbbae4199
-
-test:
- secret_key_base: 88becc3eb1c84af38da6deea4627f29f2bd41ba79dd279a0e379a41a82f18316f6f5221c73182adca329df8be13fd7c115804a82246989f1314e93d7efc745d3
-
-# Do not keep production secrets in the repository,
-# instead read values from the environment.
-production:
- secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20111122132257_create_users.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20111122132257_create_users.rb
deleted file mode 100644
index 3991429575b71..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20111122132257_create_users.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-class CreateUsers < ActiveRecord::Migration[4.2]
- def change
- create_table :users do |t|
- t.string :name
-
- t.timestamps
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb
deleted file mode 100644
index 67d3728c6c49f..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20120312140401_add_password_to_users.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-class AddPasswordToUsers < ActiveRecord::Migration[4.2]
- def change
- add_column :users, :password, :string
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb
deleted file mode 100644
index 91bdbf507464b..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20151223192035_create_doorkeeper_tables.rb
+++ /dev/null
@@ -1,62 +0,0 @@
-# frozen_string_literal: true
-
-class CreateDoorkeeperTables < ActiveRecord::Migration[4.2]
- def change
- create_table :oauth_applications do |t|
- t.string :name, null: false
- t.string :uid, null: false
- t.string :secret, null: false
- t.text :redirect_uri, null: false
- t.string :scopes, null: false, default: ''
- t.timestamps null: false
- end
-
- add_index :oauth_applications, :uid, unique: true
-
- create_table :oauth_access_grants do |t|
- t.integer :resource_owner_id, null: false
- t.references :application, null: false
- t.string :token, null: false
- t.integer :expires_in, null: false
- t.text :redirect_uri, null: false
- t.datetime :created_at, null: false
- t.datetime :revoked_at
- t.string :scopes
- end
-
- add_index :oauth_access_grants, :token, unique: true
- add_foreign_key(
- :oauth_access_grants,
- :oauth_applications,
- column: :application_id,
- )
-
- create_table :oauth_access_tokens do |t|
- t.integer :resource_owner_id
- t.references :application
-
- # If you use a custom token generator you may need to change this column
- # from string to text, so that it accepts tokens larger than 255
- # characters. More info on custom token generators in:
- # https://github.com/doorkeeper-gem/doorkeeper/tree/v3.0.0.rc1#custom-access-token-generator
- #
- # t.text :token, null: false
- t.string :token, null: false
-
- t.string :refresh_token
- t.integer :expires_in
- t.datetime :revoked_at
- t.datetime :created_at, null: false
- t.string :scopes
- end
-
- add_index :oauth_access_tokens, :token, unique: true
- add_index :oauth_access_tokens, :resource_owner_id
- add_index :oauth_access_tokens, :refresh_token, unique: true
- add_foreign_key(
- :oauth_access_tokens,
- :oauth_applications,
- column: :application_id,
- )
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb
deleted file mode 100644
index d4eda38df0f1c..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20151223200000_add_owner_to_application.rb
+++ /dev/null
@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-class AddOwnerToApplication < ActiveRecord::Migration[4.2]
- def change
- add_column :oauth_applications, :owner_id, :integer, null: true
- add_column :oauth_applications, :owner_type, :string, null: true
- add_index :oauth_applications, [:owner_id, :owner_type]
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb
deleted file mode 100644
index ffad61b260a8a..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20160320211015_add_previous_refresh_token_to_access_tokens.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-class AddPreviousRefreshTokenToAccessTokens < ActiveRecord::Migration[4.2]
- def change
- add_column(
- :oauth_access_tokens,
- :previous_refresh_token,
- :string,
- default: '',
- null: false
- )
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20161102204540_add_current_sign_in_at_to_users.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20161102204540_add_current_sign_in_at_to_users.rb
deleted file mode 100644
index 6b5d2ba96f1e1..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20161102204540_add_current_sign_in_at_to_users.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-class AddCurrentSignInAtToUsers < ActiveRecord::Migration[4.2]
- def change
- add_column :users, :current_sign_in_at, :datetime
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20180904152859_add_confidential_to_applications.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20180904152859_add_confidential_to_applications.rb
deleted file mode 100644
index 784af8828f5c3..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20180904152859_add_confidential_to_applications.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-class AddConfidentialToApplications < ActiveRecord::Migration[5.0]
- def change
- add_column(
- :oauth_applications,
- :confidential,
- :boolean,
- null: false,
- default: true
- )
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20221122044143_enable_pkce.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20221122044143_enable_pkce.rb
deleted file mode 100644
index 96b4e1f7a3f24..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/migrate/20221122044143_enable_pkce.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-class EnablePkce < ActiveRecord::Migration[6.0]
- def change
- add_column :oauth_access_grants, :code_challenge, :string, null: true
- add_column :oauth_access_grants, :code_challenge_method, :string, null: true
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/schema.rb b/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/schema.rb
deleted file mode 100644
index 8c4e100b4804a..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/db/schema.rb
+++ /dev/null
@@ -1,76 +0,0 @@
-# This file is auto-generated from the current state of the database. Instead
-# of editing this file, please use the migrations feature of Active Record to
-# incrementally modify your database, and then regenerate this schema definition.
-#
-# This file is the source Rails uses to define your schema when running `rails
-# db:schema:load`. When creating a new database, `rails db:schema:load` tends to
-# be faster and is potentially less error prone than running all of your
-# migrations from scratch. Old migrations may fail to apply correctly if those
-# migrations use external dependencies or application code.
-#
-# It's strongly recommended that you check this file into your version control system.
-
-ActiveRecord::Schema.define(version: 2022_11_22_044143) do
-
- create_table "oauth_access_grants", force: :cascade do |t|
- t.integer "resource_owner_id", null: false
- t.integer "application_id", null: false
- t.string "token", null: false
- t.integer "expires_in", null: false
- t.text "redirect_uri", null: false
- t.datetime "created_at", null: false
- t.datetime "revoked_at"
- t.string "scopes"
- t.string "code_challenge"
- t.string "code_challenge_method"
- t.index ["token"], name: "index_oauth_access_grants_on_token", unique: true
- end
-
- create_table "oauth_access_tokens", force: :cascade do |t|
- t.integer "resource_owner_id"
- t.integer "application_id"
- t.string "token", null: false
- t.string "refresh_token"
- t.integer "expires_in"
- t.datetime "revoked_at"
- t.datetime "created_at", null: false
- t.string "scopes"
- t.string "previous_refresh_token", default: "", null: false
- t.index ["refresh_token"], name: "index_oauth_access_tokens_on_refresh_token", unique: true
- t.index ["resource_owner_id"], name: "index_oauth_access_tokens_on_resource_owner_id"
- t.index ["token"], name: "index_oauth_access_tokens_on_token", unique: true
- end
-
- create_table "oauth_applications", force: :cascade do |t|
- t.string "name", null: false
- t.string "uid", null: false
- t.string "secret", null: false
- t.text "redirect_uri", null: false
- t.string "scopes", default: "", null: false
- t.datetime "created_at", null: false
- t.datetime "updated_at", null: false
- t.integer "owner_id"
- t.string "owner_type"
- t.boolean "confidential", default: true, null: false
- t.index ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type"
- t.index ["uid"], name: "index_oauth_applications_on_uid", unique: true
- end
-
- create_table "oauth_openid_requests", force: :cascade do |t|
- t.integer "access_grant_id", null: false
- t.string "nonce", null: false
- t.index ["access_grant_id"], name: "index_oauth_openid_requests_on_access_grant_id"
- end
-
- create_table "users", force: :cascade do |t|
- t.string "name"
- t.datetime "created_at"
- t.datetime "updated_at"
- t.string "password"
- t.datetime "current_sign_in_at"
- end
-
- add_foreign_key "oauth_access_grants", "oauth_applications", column: "application_id"
- add_foreign_key "oauth_access_tokens", "oauth_applications", column: "application_id"
- add_foreign_key "oauth_openid_requests", "oauth_access_grants", column: "access_grant_id", on_delete: :cascade
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/lib/assets/.keep b/vendor/gems/doorkeeper-openid_connect/spec/dummy/lib/assets/.keep
deleted file mode 100644
index e69de29bb2d1d..0000000000000
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/log/.keep b/vendor/gems/doorkeeper-openid_connect/spec/dummy/log/.keep
deleted file mode 100644
index e69de29bb2d1d..0000000000000
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/public/404.html b/vendor/gems/doorkeeper-openid_connect/spec/dummy/public/404.html
deleted file mode 100644
index b612547fc21d0..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/public/404.html
+++ /dev/null
@@ -1,67 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <title>The page you were looking for doesn't exist (404)</title>
- <meta name="viewport" content="width=device-width,initial-scale=1">
- <style>
- body {
- background-color: #EFEFEF;
- color: #2E2F30;
- text-align: center;
- font-family: arial, sans-serif;
- margin: 0;
- }
-
- div.dialog {
- width: 95%;
- max-width: 33em;
- margin: 4em auto 0;
- }
-
- div.dialog > div {
- border: 1px solid #CCC;
- border-right-color: #999;
- border-left-color: #999;
- border-bottom-color: #BBB;
- border-top: #B00100 solid 4px;
- border-top-left-radius: 9px;
- border-top-right-radius: 9px;
- background-color: white;
- padding: 7px 12% 0;
- box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
- }
-
- h1 {
- font-size: 100%;
- color: #730E15;
- line-height: 1.5em;
- }
-
- div.dialog > p {
- margin: 0 0 1em;
- padding: 1em;
- background-color: #F7F7F7;
- border: 1px solid #CCC;
- border-right-color: #999;
- border-left-color: #999;
- border-bottom-color: #999;
- border-bottom-left-radius: 4px;
- border-bottom-right-radius: 4px;
- border-top-color: #DADADA;
- color: #666;
- box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
- }
- </style>
-</head>
-
-<body>
- <!-- This file lives in public/404.html -->
- <div class="dialog">
- <div>
- <h1>The page you were looking for doesn't exist.</h1>
- <p>You may have mistyped the address or the page may have moved.</p>
- </div>
- <p>If you are the application owner check the logs for more information.</p>
- </div>
-</body>
-</html>
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/public/422.html b/vendor/gems/doorkeeper-openid_connect/spec/dummy/public/422.html
deleted file mode 100644
index a21f82b3bdb81..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/public/422.html
+++ /dev/null
@@ -1,67 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <title>The change you wanted was rejected (422)</title>
- <meta name="viewport" content="width=device-width,initial-scale=1">
- <style>
- body {
- background-color: #EFEFEF;
- color: #2E2F30;
- text-align: center;
- font-family: arial, sans-serif;
- margin: 0;
- }
-
- div.dialog {
- width: 95%;
- max-width: 33em;
- margin: 4em auto 0;
- }
-
- div.dialog > div {
- border: 1px solid #CCC;
- border-right-color: #999;
- border-left-color: #999;
- border-bottom-color: #BBB;
- border-top: #B00100 solid 4px;
- border-top-left-radius: 9px;
- border-top-right-radius: 9px;
- background-color: white;
- padding: 7px 12% 0;
- box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
- }
-
- h1 {
- font-size: 100%;
- color: #730E15;
- line-height: 1.5em;
- }
-
- div.dialog > p {
- margin: 0 0 1em;
- padding: 1em;
- background-color: #F7F7F7;
- border: 1px solid #CCC;
- border-right-color: #999;
- border-left-color: #999;
- border-bottom-color: #999;
- border-bottom-left-radius: 4px;
- border-bottom-right-radius: 4px;
- border-top-color: #DADADA;
- color: #666;
- box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
- }
- </style>
-</head>
-
-<body>
- <!-- This file lives in public/422.html -->
- <div class="dialog">
- <div>
- <h1>The change you wanted was rejected.</h1>
- <p>Maybe you tried to change something you didn't have access to.</p>
- </div>
- <p>If you are the application owner check the logs for more information.</p>
- </div>
-</body>
-</html>
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/public/500.html b/vendor/gems/doorkeeper-openid_connect/spec/dummy/public/500.html
deleted file mode 100644
index 061abc587dcac..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/dummy/public/500.html
+++ /dev/null
@@ -1,66 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <title>We're sorry, but something went wrong (500)</title>
- <meta name="viewport" content="width=device-width,initial-scale=1">
- <style>
- body {
- background-color: #EFEFEF;
- color: #2E2F30;
- text-align: center;
- font-family: arial, sans-serif;
- margin: 0;
- }
-
- div.dialog {
- width: 95%;
- max-width: 33em;
- margin: 4em auto 0;
- }
-
- div.dialog > div {
- border: 1px solid #CCC;
- border-right-color: #999;
- border-left-color: #999;
- border-bottom-color: #BBB;
- border-top: #B00100 solid 4px;
- border-top-left-radius: 9px;
- border-top-right-radius: 9px;
- background-color: white;
- padding: 7px 12% 0;
- box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
- }
-
- h1 {
- font-size: 100%;
- color: #730E15;
- line-height: 1.5em;
- }
-
- div.dialog > p {
- margin: 0 0 1em;
- padding: 1em;
- background-color: #F7F7F7;
- border: 1px solid #CCC;
- border-right-color: #999;
- border-left-color: #999;
- border-bottom-color: #999;
- border-bottom-left-radius: 4px;
- border-bottom-right-radius: 4px;
- border-top-color: #DADADA;
- color: #666;
- box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
- }
- </style>
-</head>
-
-<body>
- <!-- This file lives in public/500.html -->
- <div class="dialog">
- <div>
- <h1>We're sorry, but something went wrong.</h1>
- </div>
- <p>If you are the application owner check the logs for more information.</p>
- </div>
-</body>
-</html>
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/dummy/public/favicon.ico b/vendor/gems/doorkeeper-openid_connect/spec/dummy/public/favicon.ico
deleted file mode 100644
index e69de29bb2d1d..0000000000000
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/factories.rb b/vendor/gems/doorkeeper-openid_connect/spec/factories.rb
deleted file mode 100644
index 2b30682e1de8e..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/factories.rb
+++ /dev/null
@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-FactoryBot.define do
- factory :access_grant, class: 'Doorkeeper::AccessGrant' do
- resource_owner_id { create(:user).id }
- application
- redirect_uri { 'https://app.com/callback' }
- expires_in { 100 }
- scopes { 'public write' }
- end
-
- factory :access_token, class: 'Doorkeeper::AccessToken' do
- resource_owner_id { create(:user).id }
- application
- expires_in { 2.hours }
-
- factory :clientless_access_token do
- application { nil }
- end
- end
-
- factory :application, class: 'Doorkeeper::Application' do
- sequence(:name) { |n| "Application #{n}" }
- redirect_uri { 'https://app.com/callback' }
- end
-
- factory :user do
- current_sign_in_at { Time.zone.at(23) }
- end
-
- factory :openid_request, class: 'Doorkeeper::OpenidConnect::Request' do
- access_grant
- sequence(:nonce, &:to_s)
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/claims/claim_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/claims/claim_spec.rb
deleted file mode 100644
index 24e66e8228f3c..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/claims/claim_spec.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::Claims::Claim do
- subject { described_class.new name: 'username', scope: 'profile' }
-
- describe '#initialize' do
- it 'uses the given name' do
- expect(subject.name).to eq :username
- end
-
- it 'uses the given scope' do
- expect(subject.scope).to eq :profile
- end
-
- it 'falls back to the default scope for standard claims' do
- expect(described_class.new(name: 'family_name').scope).to eq :profile
- expect(described_class.new(name: :family_name).scope).to eq :profile
- expect(described_class.new(name: 'email').scope).to eq :email
- expect(described_class.new(name: :email).scope).to eq :email
- expect(described_class.new(name: 'address').scope).to eq :address
- expect(described_class.new(name: :address).scope).to eq :address
- expect(described_class.new(name: 'phone_number').scope).to eq :phone
- expect(described_class.new(name: :phone_number).scope).to eq :phone
- end
-
- it 'falls back to the profile scope for non-standard claims' do
- expect(described_class.new(name: 'unknown').scope).to eq :profile
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/config_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/config_spec.rb
deleted file mode 100644
index 5de7af5d14a64..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/config_spec.rb
+++ /dev/null
@@ -1,232 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect, 'configuration' do
- subject { described_class.configuration }
-
- describe '#configure' do
- it 'fails if not set to :active_record' do
- # stub ORM setup to avoid Doorkeeper exceptions
- allow(Doorkeeper).to receive(:setup_orm_adapter)
- allow(Doorkeeper).to receive(:setup_orm_models)
- allow(Doorkeeper).to receive(:setup_application_owner)
-
- Doorkeeper.configure do
- orm :mongoid
- end
-
- expect do
- described_class.configure {}
- end.to raise_error Doorkeeper::OpenidConnect::Errors::InvalidConfiguration
- end
- end
-
- describe 'jws_private_key' do
- it 'delegates to signing_key' do
- value = 'private_key'
- described_class.configure do
- jws_private_key value
- end
- expect(subject.signing_key).to eq(value)
- end
- end
-
- describe 'signing_key' do
- it 'sets the value that is accessible via signing_key' do
- value = 'private_key'
- described_class.configure do
- signing_key value
- end
- expect(subject.signing_key).to eq(value)
- end
- end
-
- describe 'issuer' do
- it 'sets the value that is accessible via issuer' do
- value = 'issuer'
- described_class.configure do
- issuer value
- end
- expect(subject.issuer).to eq(value)
- end
-
- it 'sets the block that is accessible via issuer' do
- block = proc {}
- described_class.configure do
- issuer(&block)
- end
- expect(subject.issuer).to eq(block)
- end
- end
-
- describe 'resource_owner_from_access_token' do
- it 'sets the block that is accessible via resource_owner_from_access_token' do
- block = proc {}
- described_class.configure do
- resource_owner_from_access_token(&block)
- end
- expect(subject.resource_owner_from_access_token).to eq(block)
- end
-
- it 'fails if unset' do
- described_class.configure {}
-
- expect do
- subject.resource_owner_from_access_token.call
- end.to raise_error Doorkeeper::OpenidConnect::Errors::InvalidConfiguration
- end
- end
-
- describe 'auth_time_from_resource_owner' do
- it 'sets the block that is accessible via auth_time_from_resource_owner' do
- block = proc {}
- described_class.configure do
- auth_time_from_resource_owner(&block)
- end
- expect(subject.auth_time_from_resource_owner).to eq(block)
- end
-
- it 'fails if unset' do
- described_class.configure {}
-
- expect do
- subject.auth_time_from_resource_owner.call
- end.to raise_error Doorkeeper::OpenidConnect::Errors::InvalidConfiguration
- end
- end
-
- describe 'reauthenticate_resource_owner' do
- it 'sets the block that is accessible via reauthenticate_resource_owner' do
- block = proc {}
- described_class.configure do
- reauthenticate_resource_owner(&block)
- end
- expect(subject.reauthenticate_resource_owner).to eq(block)
- end
-
- it 'fails if unset' do
- described_class.configure {}
-
- expect do
- subject.reauthenticate_resource_owner.call
- end.to raise_error Doorkeeper::OpenidConnect::Errors::InvalidConfiguration
- end
- end
-
- describe 'select_account_for_resource_owner' do
- it 'sets the block that is accessible via select_account_for_resource_owner' do
- block = proc {}
- described_class.configure do
- select_account_for_resource_owner(&block)
- end
- expect(subject.select_account_for_resource_owner).to eq(block)
- end
-
- it 'fails if unset' do
- described_class.configure {}
-
- expect do
- subject.select_account_for_resource_owner.call
- end.to raise_error Doorkeeper::OpenidConnect::Errors::InvalidConfiguration
- end
- end
-
- describe 'subject' do
- it 'sets the block that is accessible via subject' do
- block = proc {}
- described_class.configure do
- subject(&block)
- end
- expect(subject.subject).to eq(block)
- end
-
- it 'fails if unset' do
- described_class.configure {}
-
- expect do
- subject.subject.call
- end.to raise_error Doorkeeper::OpenidConnect::Errors::InvalidConfiguration
- end
- end
-
- describe 'expiration' do
- it 'sets the value that is accessible via expiration' do
- value = 'expiration'
- described_class.configure do
- expiration value
- end
- expect(subject.expiration).to eq(value)
- end
- end
-
- describe 'claims' do
- it 'sets the claims configuration that is accessible via claims' do
- described_class.configure do
- claims do
- end
- end
- expect(subject.claims).not_to be_nil
- end
- end
-
- describe 'protocol' do
- it 'defaults to https in production' do
- expect(::Rails.env).to receive(:production?).and_return(true)
-
- expect(subject.protocol.call).to eq(:https)
- end
-
- it 'defaults to http in other environments' do
- expect(::Rails.env).to receive(:production?).and_return(false)
-
- expect(subject.protocol.call).to eq(:http)
- end
-
- it 'can be set to other protocols' do
- described_class.configure do
- protocol { :ftp }
- end
-
- expect(subject.protocol.call).to eq(:ftp)
- end
- end
-
- describe 'end_session_endpoint' do
- it 'defaults to nil' do
- expect(subject.end_session_endpoint.call).to be_nil
- end
-
- it 'can be set to a custom url' do
- described_class.configure do
- end_session_endpoint { 'http://test.host/logout' }
- end
-
- expect(subject.end_session_endpoint.call).to eq('http://test.host/logout')
- end
- end
-
- describe 'discovery_url_options' do
- it 'defaults to empty hash' do
- expect(subject.discovery_url_options.call).to be_kind_of(Hash)
- expect(subject.discovery_url_options.call).to be_empty
- end
-
- it 'can be set to other hosts' do
- Doorkeeper::OpenidConnect.configure do
- discovery_url_options do |request|
- {
- authorization: { host: 'alternate-authorization-host' },
- token: { host: 'alternate-token-host' },
- revocation: { host: 'alternate-revocation-host' },
- introspection: { host: 'alternate-introspection-host' },
- userinfo: { host: 'alternate-userinfo-host' },
- jwks: { host: 'alternate-jwks-host' }
- }
- end
- end
-
- expect(subject.discovery_url_options.call[:authorization]).to eq(host: 'alternate-authorization-host')
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/id_token_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/id_token_spec.rb
deleted file mode 100644
index 2e9e6722670f4..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/id_token_spec.rb
+++ /dev/null
@@ -1,99 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::IdToken do
- subject { described_class.new(access_token, nonce) }
-
- let(:access_token) { create :access_token, resource_owner_id: user.id, scopes: 'openid' }
- let(:user) { create :user }
- let(:nonce) { '123456' }
-
- before do
- allow(Time).to receive(:now) { Time.zone.at 60 }
- end
-
- describe '#nonce' do
- it 'returns the stored nonce' do
- expect(subject.nonce).to eq '123456'
- end
- end
-
- describe '#claims' do
- it 'returns all default claims' do
- expect(subject.claims).to eq(
- iss: 'dummy',
- sub: user.id.to_s,
- aud: access_token.application.uid,
- exp: 180,
- iat: 60,
- nonce: nonce,
- auth_time: 23,
- both_responses: 'both',
- id_token_response: 'id_token',
- )
- end
-
- context 'when application is not set on the access token' do
- before do
- access_token.application = nil
- end
-
- it 'returns all default claims except audience' do
- expect(subject.claims).to eq(
- iss: 'dummy',
- sub: user.id.to_s,
- aud: nil,
- exp: 180,
- iat: 60,
- nonce: nonce,
- auth_time: 23,
- both_responses: 'both',
- id_token_response: 'id_token',
- )
- end
- end
- end
-
- describe '#as_json' do
- it 'returns claims with nil values and empty strings removed' do
- allow(subject).to receive(:issuer).and_return(nil)
- allow(subject).to receive(:subject).and_return('')
- allow(subject).to receive(:audience).and_return(' ')
-
- json = subject.as_json
-
- expect(json).not_to include :iss
- expect(json).not_to include :sub
- expect(json).to include :aud
- end
- end
-
- describe '#as_jws_token' do
- shared_examples 'a jws token' do
- it 'returns claims encoded as JWT' do
- algorithms = [Doorkeeper::OpenidConnect.signing_algorithm.to_s]
-
- data, headers = ::JWT.decode subject.as_jws_token, Doorkeeper::OpenidConnect.signing_key.keypair, true, { algorithms: algorithms }
-
- expect(data.to_hash).to eq subject.as_json.stringify_keys
- expect(headers["kid"]).to eq Doorkeeper::OpenidConnect.signing_key.kid
- expect(headers["alg"]).to eq Doorkeeper::OpenidConnect.signing_algorithm.to_s
- end
- end
-
- it_behaves_like 'a jws token'
-
- context 'when signing_algorithm is EC' do
- before { configure_ec }
-
- it_behaves_like 'a jws token'
- end
-
- context 'when signing_algorithm is HMAC' do
- before { configure_hmac }
-
- it_behaves_like 'a jws token'
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/id_token_token_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/id_token_token_spec.rb
deleted file mode 100644
index 597fff64008de..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/id_token_token_spec.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::IdTokenToken do
- subject { described_class.new(access_token, nonce) }
-
- let(:access_token) { create :access_token, resource_owner_id: user.id, scopes: 'openid' }
- let(:user) { create :user }
- let(:nonce) { '123456' }
-
- before do
- allow(Time).to receive(:now) { Time.zone.at 60 }
- end
-
- describe '#claims' do
- it 'returns all default claims' do
- # access token is from http://openid.net/specs/openid-connect-core-1_0.html
- # so we can test `at_hash` value
- access_token.update(token: 'jHkWEdUXMU1BwAsC4vtUsZwnNvTIxEl0z9K3vx5KF0Y')
-
- expect(subject.claims).to eq({
- iss: 'dummy',
- sub: user.id.to_s,
- aud: access_token.application.uid,
- exp: 180,
- iat: 60,
- nonce: nonce,
- auth_time: 23,
- at_hash: '77QmUPtjPfzWtF2AnpK9RQ',
- both_responses: 'both',
- id_token_response: 'id_token',
- })
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/authorization/code_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/authorization/code_spec.rb
deleted file mode 100644
index 0062c109c6779..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/authorization/code_spec.rb
+++ /dev/null
@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::OAuth::Authorization::Code do
- subject { Doorkeeper::OAuth::Authorization::Code.new pre_auth, resource_owner }
-
- let(:resource_owner) { create :user }
- let(:access_grant) { create :access_grant }
- let(:pre_auth) { double }
- let(:client) { double }
-
- describe '#issue_token' do
- before do
- allow(pre_auth).to receive(:client) { client }
- allow(pre_auth).to receive(:redirect_uri).and_return('redirect_uri')
- allow(pre_auth).to receive(:scopes).and_return('scopes')
- allow(pre_auth).to receive(:nonce).and_return('123456')
- allow(pre_auth).to receive(:code_challenge).and_return('987654')
- allow(pre_auth).to receive(:code_challenge_method).and_return('plain')
- allow(pre_auth).to receive(:custom_access_token_attributes).and_return({})
- allow(client).to receive(:id).and_return('client_id')
-
- allow(Doorkeeper::AccessGrant).to receive(:create!) { access_grant }
- allow(Doorkeeper::OpenidConnect::Request).to receive(:create!)
- end
-
- it 'stores the nonce' do
- subject.issue_token
-
- expect(Doorkeeper::OpenidConnect::Request).to have_received(:create!).with({
- access_grant: access_grant,
- nonce: '123456'
- })
- end
-
- it 'does not store the nonce if not present' do
- allow(pre_auth).to receive(:nonce).and_return(nil)
- subject.issue_token
-
- expect(Doorkeeper::OpenidConnect::Request).not_to have_received(:create!)
- end
-
- it 'does not store the nonce if blank' do
- allow(pre_auth).to receive(:nonce).and_return(' ')
- subject.issue_token
-
- expect(Doorkeeper::OpenidConnect::Request).not_to have_received(:create!)
- end
-
- it 'returns the created grant' do
- expect(subject.issue_token).to be_a Doorkeeper::AccessGrant
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/authorization_code_request_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/authorization_code_request_spec.rb
deleted file mode 100644
index 8e5b242391fae..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/authorization_code_request_spec.rb
+++ /dev/null
@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::OAuth::AuthorizationCodeRequest do
- subject do
- Doorkeeper::OAuth::AuthorizationCodeRequest.new(server, grant, client).tap do |request|
- request.instance_variable_set '@response', response
- request.instance_variable_set('@access_token', token)
- end
- end
-
- let(:server) { double }
- let(:client) { double }
- let(:grant) { create :access_grant, openid_request: openid_request }
- let(:openid_request) { create :openid_request, nonce: '123456' }
- let(:token) { create :access_token }
- let(:response) { Doorkeeper::OAuth::TokenResponse.new token }
-
- describe '#after_successful_response' do
- it 'adds the ID token to the response' do
- subject.send :after_successful_response
-
- expect(response.id_token).to be_a Doorkeeper::OpenidConnect::IdToken
- expect(response.id_token.nonce).to eq '123456'
- end
-
- it 'destroys the OpenID request record' do
- grant.save!
-
- expect do
- subject.send :after_successful_response
- end.to change { Doorkeeper::OpenidConnect::Request.count }.by(-1)
- end
-
- it 'skips the nonce if not present' do
- grant.openid_request.nonce = nil
- subject.send :after_successful_response
-
- expect(response.id_token.nonce).to be_nil
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_request_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_request_spec.rb
deleted file mode 100644
index 3dd93cc42d2ed..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_request_spec.rb
+++ /dev/null
@@ -1,78 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OAuth::IdTokenRequest do
- subject do
- described_class.new(pre_auth, owner)
- end
-
- let :application do
- FactoryBot.create(:application, scopes: 'public')
- end
-
- let :pre_auth do
- server = Doorkeeper.configuration
- allow(server).to receive(:grant_flows).and_return(['implicit_oidc'])
-
- client = Doorkeeper::OAuth::Client.new(application)
-
- attributes = {
- client_id: client.uid,
- response_type: 'id_token',
- redirect_uri: 'https://app.com/callback',
- scope: 'public',
- nonce: '12345',
- }
-
- pre_auth = Doorkeeper::OAuth::PreAuthorization.new(server, attributes)
- pre_auth.authorizable? # triggers loading of pre_auth.client
- pre_auth
- end
-
- let(:owner) { build_stubbed(:user) }
-
- # just to make sure self created pre_auth is authorizable
- it 'pre_auth should be valid' do
- expect(pre_auth).to be_authorizable
- end
-
- it 'creates an access token' do
- expect do
- subject.authorize
- end.to change { Doorkeeper::AccessToken.count }.by(1)
- end
-
- it 'returns id_token response' do
- expect(subject.authorize).to be_a(Doorkeeper::OAuth::IdTokenResponse)
- end
-
- context 'token reuse' do
- it 'creates a new token if there are no matching tokens' do
- allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
- expect do
- subject.authorize
- end.to change { Doorkeeper::AccessToken.count }.by(1)
- end
-
- it 'creates a new token if scopes do not match' do
- allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
- create(:access_token, application_id: pre_auth.client.id,
- resource_owner_id: owner.id, scopes: '')
- expect do
- subject.authorize
- end.to change { Doorkeeper::AccessToken.count }.by(1)
- end
-
- it 'skips token creation if there is a matching one' do
- allow(Doorkeeper.configuration).to receive(:reuse_access_token).and_return(true)
- allow(application.scopes).to receive(:has_scopes?).and_return(true)
- allow(application.scopes).to receive(:all?).and_return(true)
-
- create(:access_token, application_id: pre_auth.client.id,
- resource_owner_id: owner.id, scopes: 'public')
-
- expect { subject.authorize }.not_to(change { Doorkeeper::AccessToken.count })
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_response_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_response_spec.rb
deleted file mode 100644
index 0381f921b2e24..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_response_spec.rb
+++ /dev/null
@@ -1,60 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OAuth::IdTokenResponse do
- subject { described_class.new(pre_auth, auth, id_token) }
-
- let(:token) { create :access_token }
- let(:application) do
- create(:application, scopes: 'public')
- end
-
- let(:pre_auth) do
- double(
- :pre_auth,
- client: application,
- redirect_uri: 'http://tst.com/cb',
- state: 'state',
- scopes: Doorkeeper::OAuth::Scopes.from_string('public'),
- error: nil,
- authorizable?: true,
- nonce: '12345'
- )
- end
-
- let(:owner) { build_stubbed(:user) }
-
- let(:auth) do
- Doorkeeper::OAuth::Authorization::Token.new(pre_auth, owner).tap do |c|
- if c.respond_to?(:issue_token!)
- c.issue_token!
- else
- c.issue_token
- end
- end
- end
- let(:id_token) { Doorkeeper::OpenidConnect::IdToken.new(token, pre_auth) }
-
- describe '#body' do
- it 'return body response for id_token' do
- expect(subject.body).to eq({
- expires_in: auth.token.expires_in_seconds,
- state: pre_auth.state,
- id_token: id_token.as_jws_token
- })
- end
- end
-
- describe '#redirect_uri' do
- it 'includes expires_in, id_token and state' do
- expect(subject.redirect_uri).to include("#{pre_auth.redirect_uri}#expires_in=#{auth.token.expires_in_seconds}&" \
- "state=#{pre_auth.state}&" \
- "id_token=#{id_token.as_jws_token}")
- end
-
- it 'does not include access_token' do
- expect(subject.redirect_uri).not_to include('access_token')
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_token_request_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_token_request_spec.rb
deleted file mode 100644
index 760459531c3e0..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_token_request_spec.rb
+++ /dev/null
@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OAuth::IdTokenTokenRequest do
- subject do
- described_class.new(pre_auth, owner)
- end
-
- let :application do
- FactoryBot.create(:application, scopes: 'public')
- end
-
- let :pre_auth do
- server = Doorkeeper.configuration
- allow(server).to receive(:grant_flows).and_return(['implicit_oidc'])
-
- client = Doorkeeper::OAuth::Client.new(application)
-
- attributes = {
- client_id: client.uid,
- response_type: 'id_token token',
- redirect_uri: 'https://app.com/callback',
- scope: 'public',
- nonce: '12345',
- }
-
- pre_auth = Doorkeeper::OAuth::PreAuthorization.new(server, attributes)
- pre_auth.authorizable?
- pre_auth
- end
-
- let(:owner) { build_stubbed(:user) }
-
- # just to make sure self created pre_auth is authorizable
- it 'pre_auth should be valid' do
- expect(pre_auth).to be_authorizable
- end
-
- it 'creates an access token' do
- expect do
- subject.authorize
- end.to change { Doorkeeper::AccessToken.count }.by(1)
- end
-
- it 'returns id_token token response' do
- expect(subject.authorize).to be_a(Doorkeeper::OAuth::IdTokenTokenResponse)
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_token_response_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_token_response_spec.rb
deleted file mode 100644
index 56f7724e6f24a..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/id_token_token_response_spec.rb
+++ /dev/null
@@ -1,56 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OAuth::IdTokenTokenResponse do
- subject { described_class.new(pre_auth, auth, id_token) }
-
- let(:token) { create :access_token }
- let(:application) do
- create(:application, scopes: 'public')
- end
- let(:pre_auth) do
- double(
- :pre_auth,
- client: application,
- redirect_uri: 'http://tst.com/cb',
- state: 'state',
- scopes: Doorkeeper::OAuth::Scopes.from_string('public'),
- error: nil,
- authorizable?: true,
- nonce: '12345'
- )
- end
- let(:owner) { build_stubbed(:user) }
- let(:auth) do
- Doorkeeper::OAuth::Authorization::Token.new(pre_auth, owner).tap do |c|
- if c.respond_to?(:issue_token!)
- c.issue_token!
- else
- c.issue_token
- end
- end
- end
- let(:id_token) { Doorkeeper::OpenidConnect::IdToken.new(token, pre_auth) }
-
- describe '#body' do
- it 'return body response for id_token and access_token' do
- expect(subject.body).to eq({
- expires_in: auth.token.expires_in_seconds,
- state: pre_auth.state,
- id_token: id_token.as_jws_token,
- access_token: auth.token.token,
- token_type: auth.token.token_type
- })
- end
- end
-
- describe '#redirect_uri' do
- it 'includes id_token, info of access_token and state' do
- expect(subject.redirect_uri).to include("#{pre_auth.redirect_uri}#expires_in=#{auth.token.expires_in_seconds}&" \
- "state=#{pre_auth.state}&" \
- "id_token=#{id_token.as_jws_token}&" \
- "access_token=#{auth.token.token}&token_type=#{auth.token.token_type}")
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/password_access_token_request_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/password_access_token_request_spec.rb
deleted file mode 100644
index 2c235e7523156..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/password_access_token_request_spec.rb
+++ /dev/null
@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::OAuth::PasswordAccessTokenRequest do
- if Gem.loaded_specs['doorkeeper'].version >= Gem::Version.create('5.5.1')
- subject { Doorkeeper::OAuth::PasswordAccessTokenRequest.new server, client, credentials, resource_owner, { nonce: '123456' } }
- else
- subject { Doorkeeper::OAuth::PasswordAccessTokenRequest.new server, client, resource_owner, { nonce: '123456' } }
- end
-
- let(:server) { double }
- let(:client) { double }
- let(:credentials) { }
- let(:resource_owner) { create :user }
- let(:token) { create :access_token }
- let(:response) { Doorkeeper::OAuth::TokenResponse.new token }
-
- describe '#initialize' do
- it 'stores the nonce attribute' do
- expect(subject.nonce).to eq '123456'
- end
- end
-
- describe '#after_successful_response' do
- it 'adds the ID token to the response' do
- subject.instance_variable_set '@response', response
- subject.instance_variable_set '@access_token', token
- subject.send :after_successful_response
-
- expect(response.id_token).to be_a Doorkeeper::OpenidConnect::IdToken
- expect(response.id_token.nonce).to eq '123456'
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/pre_authorization_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/pre_authorization_spec.rb
deleted file mode 100644
index c9807a4691243..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/pre_authorization_spec.rb
+++ /dev/null
@@ -1,54 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::OAuth::PreAuthorization do
- subject { Doorkeeper::OAuth::PreAuthorization.new server, attrs }
-
- let(:server) { Doorkeeper.configuration }
- let(:attrs) {}
-
- describe '#initialize' do
- context 'with nonce parameter' do
- let(:attrs) { { nonce: '123456' } }
-
- it 'stores the nonce attribute' do
- expect(subject.nonce).to eq '123456'
- end
- end
- end
-
- describe '#error_response' do
- context 'with response_type = code' do
- let(:attrs) { { response_type: 'code', redirect_uri: 'client.com/callback' } }
-
- it 'redirects to redirect_uri with query parameter' do
- expect(subject.error_response.redirect_uri).to match(/#{attrs[:redirect_uri]}\?/)
- end
- end
-
- context 'with response_type = token' do
- let(:attrs) { { response_type: 'token', redirect_uri: 'client.com/callback' } }
-
- it 'redirects to redirect_uri with fragment' do
- expect(subject.error_response.redirect_uri).to match(/#{attrs[:redirect_uri]}#/)
- end
- end
-
- context 'with response_type = id_token' do
- let(:attrs) { { response_type: 'id_token', redirect_uri: 'client.com/callback' } }
-
- it 'redirects to redirect_uri with fragment' do
- expect(subject.error_response.redirect_uri).to match(/#{attrs[:redirect_uri]}#/)
- end
- end
-
- context 'with response_type = id_token token' do
- let(:attrs) { { response_type: 'id_token token', redirect_uri: 'client.com/callback' } }
-
- it 'redirects to redirect_uri with fragment' do
- expect(subject.error_response.redirect_uri).to match(/#{attrs[:redirect_uri]}#/)
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/token_response_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/token_response_spec.rb
deleted file mode 100644
index 3fb85a2ea718f..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/oauth/token_response_spec.rb
+++ /dev/null
@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::OAuth::TokenResponse do
- subject { Doorkeeper::OAuth::TokenResponse.new token }
-
- let(:token) { create :access_token }
- let(:client) { Doorkeeper::OAuth::Client.new create(:application) }
- let(:pre_auth) { Doorkeeper::OAuth::PreAuthorization.new(Doorkeeper.configuration, client_id: client.uid, nonce: '123456') }
- let(:id_token) { Doorkeeper::OpenidConnect::IdToken.new token, pre_auth }
-
- before do
- pre_auth.valid? # triggers loading of pre_auth.client
- end
-
- describe '#body' do
- before do
- subject.id_token = id_token
- end
-
- context 'with the openid scope present' do
- before do
- token.scopes = 'openid email'
- end
-
- it 'adds the ID token to the response' do
- expect(subject.body[:id_token]).to eq id_token.as_jws_token
- end
- end
-
- context 'with the openid scope present but no id_token' do
- before do
- token.scopes = 'openid email'
- subject.id_token = nil
- end
-
- it 'adds the ID token to the response' do
- expect(subject.body[:id_token]).to be_truthy
- end
- end
-
- context 'with the openid scope not present' do
- before do
- token.scopes = 'email'
- end
-
- it 'does not add the ID token to the response' do
- expect(subject.body).not_to include :id_token
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/openid_connect_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/openid_connect_spec.rb
deleted file mode 100644
index 31a03afb663b0..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/openid_connect_spec.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect do
- describe '.signing_algorithm' do
- it 'returns the signing_algorithm as an uppercase symbol' do
- expect(subject.signing_algorithm).to eq :RS256
- end
- end
-
- describe '.signing_key' do
- it 'returns the private key as JWK instance' do
- expect(subject.signing_key).to be_a ::JWT::JWK::KeyBase
- expect(subject.signing_key.kid).to eq 'IqYwZo2cE6hsyhs48cU8QHH4GanKIx0S4Dc99kgTIMA'
- end
- end
-
- describe '.signing_key_normalized' do
- context 'when signing key is RSA' do
- it 'returns the RSA public key parameters' do
- expect(subject.signing_key_normalized).to eq(
- :kty => 'RSA',
- :kid => 'IqYwZo2cE6hsyhs48cU8QHH4GanKIx0S4Dc99kgTIMA',
- :e => 'AQAB',
- :n => 'sjdnSA6UWUQQHf6BLIkIEUhMRNBJC1NN_pFt1EJmEiI88GS0ceROO5B5Ooo9Y3QOWJ_n-u1uwTHBz0HCTN4wgArWd1TcqB5GQzQRP4eYnWyPfi4CfeqAHzQp-v4VwbcK0LW4FqtW5D0dtrFtI281FDxLhARzkhU2y7fuYhL8fVw5rUhE8uwvHRZ5CEZyxf7BSHxIvOZAAymhuzNLATt2DGkDInU1BmF75tEtBJAVLzWG_j4LPZh1EpSdfezqaXQlcy9PJi916UzTl0P7Yy-ulOdUsMlB6yo8qKTY1-AbZ5jzneHbGDU_O8QjYvii1WDmJ60t0jXicmOkGrOhruOptw'
- )
- end
- end
-
- context 'when signing key is EC' do
- before { configure_ec }
-
- it 'returns the EC public key parameters' do
- expect(subject.signing_key_normalized).to eq(
- :kty => 'EC',
- :kid => 'dOx_AhaepicN2r2M-sxZhgkYZMCX7dYhPsNOw1ZiFnI',
- :crv => 'P-521',
- :x => 'AeYVvbl3zZcFCdE-0msqOowYODjzeXAhjsZKhdNjGlDREvko3UFOw6S43g-s8bvVBmBz3fCodEzFRYQqJVI4UFvF',
- :y => 'AYJ7GYeBm_Fb6liN53xGASdbRSzF34h4BDSVYzjtQc7I-1LK17fwwS3VfQCJwaT6zX33HTrhR4VoUEUJHKwR3dNs'
- )
- end
- end
-
- context 'when signing key is HMAC' do
- before { configure_hmac }
-
- it 'returns the HMAC public key parameters' do
- expect(subject.signing_key_normalized).to eq(
- :kty => 'oct',
- :kid => 'lyAW7LdxryFWQtLdgxZpOrI87APHrzJKgWLT0BkWVog'
- )
- end
- end
- end
-
- describe 'registering grant flows' do
- describe Doorkeeper::Request do
- it 'uses the correct strategy for "id_token" response types' do
- expect(described_class.authorization_strategy('id_token')).to eq(Doorkeeper::Request::IdToken)
- end
-
- it 'uses the correct strategy for "id_token token" response types' do
- expect(described_class.authorization_strategy('id_token token')).to eq(Doorkeeper::Request::IdTokenToken)
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/routes_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/routes_spec.rb
deleted file mode 100644
index 2f7c8b510a865..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/routes_spec.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::Rails::Routes, type: :routing do
- describe 'userinfo' do
- it 'maps GET #show' do
- expect(get: 'oauth/userinfo').to route_to(
- controller: 'doorkeeper/openid_connect/userinfo',
- action: 'show'
- )
- end
-
- it 'maps POST #show' do
- expect(post: 'oauth/userinfo').to route_to(
- controller: 'doorkeeper/openid_connect/userinfo',
- action: 'show'
- )
- end
- end
-
- describe 'discovery' do
- it 'maps GET #provider' do
- expect(get: '.well-known/openid-configuration').to route_to(
- controller: 'doorkeeper/openid_connect/discovery',
- action: 'provider'
- )
- end
-
- it 'maps GET #webfinger' do
- expect(get: '.well-known/webfinger').to route_to(
- controller: 'doorkeeper/openid_connect/discovery',
- action: 'webfinger'
- )
- end
-
- it 'maps GET #keys' do
- expect(get: 'oauth/discovery/keys').to route_to(
- controller: 'doorkeeper/openid_connect/discovery',
- action: 'keys'
- )
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/lib/user_info_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/lib/user_info_spec.rb
deleted file mode 100644
index cf866b42d6188..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/lib/user_info_spec.rb
+++ /dev/null
@@ -1,55 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::UserInfo do
- subject { described_class.new token }
-
- let(:user) { create :user, name: 'Joe' }
- let(:token) { create :access_token, resource_owner_id: user.id, scopes: scopes }
- let(:scopes) { 'openid' }
-
- describe '#claims' do
- it 'returns all accessible claims' do
- expect(subject.claims).to eq({
- sub: user.id.to_s,
- created_at: user.created_at.to_i,
- variable_name: 'openid-name',
- token_id: token.id,
- both_responses: 'both',
- user_info_response: 'user_info',
- })
- end
-
- context 'with a grant for the profile scopes' do
- let(:scopes) { 'openid profile' }
-
- it 'returns additional profile claims' do
- expect(subject.claims).to eq({
- sub: user.id.to_s,
- name: 'Joe',
- created_at: user.created_at.to_i,
- updated_at: user.updated_at.to_i,
- variable_name: 'profile-name',
- token_id: token.id,
- both_responses: 'both',
- user_info_response: 'user_info',
- })
- end
- end
- end
-
- describe '#as_json' do
- it 'returns claims with nil values and empty strings removed' do
- allow(subject).to receive(:claims).and_return({
- nil: nil,
- empty: '',
- blank: ' ',
- })
-
- expect(subject.as_json).to eq({
- blank: ' '
- })
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/models/access_grant_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/models/access_grant_spec.rb
deleted file mode 100644
index 43e9ef8db6bb7..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/models/access_grant_spec.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::AccessGrant do
- subject { Doorkeeper::AccessGrant.new }
-
- it 'has one openid_request' do
- association = subject.class.reflect_on_association :openid_request
-
- expect(association.options).to eq({
- class_name: 'Doorkeeper::OpenidConnect::Request',
- inverse_of: :access_grant,
- foreign_key: "access_grant_id",
- dependent: :delete,
- })
- end
-
- it 'extends the base doorkeeper AccessGrant' do
- expect(subject).to respond_to(:"openid_request=")
- end
-
- describe '#delete' do
- it 'cascades to oauth_openid_requests' do
- if Rails::VERSION::MAJOR >= 6
- access_grant = create(:access_grant, application: create(:application))
- create(:openid_request, access_grant: access_grant)
-
- expect { access_grant.delete }
- .to(change { Doorkeeper::OpenidConnect::Request.count }.by(-1))
- else
- skip <<-MSG.strip
- Needs Rails 6 for foreign key support with sqlite3:
- https://blog.bigbinary.com/2019/09/24/rails-6-adds-add_foreign_key-and-remove_foreign_key-for-sqlite3.html
- MSG
- end
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/models/request_spec.rb b/vendor/gems/doorkeeper-openid_connect/spec/models/request_spec.rb
deleted file mode 100644
index 4126fbd012335..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/models/request_spec.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# frozen_string_literal: true
-
-require 'rails_helper'
-
-describe Doorkeeper::OpenidConnect::Request do
- describe 'validations' do
- it 'requires an access grant' do
- subject.access_grant_id = nil
-
- expect(subject).not_to be_valid
- expect(subject.errors).to include :access_grant_id
- end
-
- it 'requires a nonce' do
- subject.nonce = nil
-
- expect(subject).not_to be_valid
- expect(subject.errors).to include :nonce
- end
- end
-
- describe 'associations' do
- it 'belongs to an access_grant' do
- association = subject.class.reflect_on_association :access_grant
-
- expect(association.options).to eq({
- class_name: 'Doorkeeper::AccessGrant',
- inverse_of: :openid_request,
- })
- end
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/rails_helper.rb b/vendor/gems/doorkeeper-openid_connect/spec/rails_helper.rb
deleted file mode 100644
index 79b9c48543b37..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/rails_helper.rb
+++ /dev/null
@@ -1,59 +0,0 @@
-# frozen_string_literal: true
-
-# This file is copied to spec/ when you run 'rails generate rspec:install'
-ENV['RAILS_ENV'] ||= 'test'
-require 'dummy/config/environment'
-# Prevent database truncation if the environment is production
-abort('The Rails environment is running in production mode!') if Rails.env.production?
-require 'spec_helper'
-require 'rspec/rails'
-# Add additional requires below this line. Rails is not loaded until this point!
-
-# Requires supporting ruby files with custom matchers and macros, etc, in
-# spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are
-# run as spec files by default. This means that files in spec/support that end
-# in _spec.rb will both be required and run as specs, causing the specs to be
-# run twice. It is recommended that you do not name files matching this glob to
-# end with _spec.rb. You can configure this pattern with the --pattern
-# option on the command line or in ~/.rspec, .rspec or `.rspec-local`.
-#
-# The following line is provided for convenience purposes. It has the downside
-# of increasing the boot-up time by auto-requiring all files in the support
-# directory. Alternatively, in the individual `*_spec.rb` files, manually
-# require only the support files necessary.
-#
-# Dir[Rails.root.join('spec/support/**/*.rb')].each { |f| require f }
-
-# Checks for pending migration and applies them before tests are run.
-# If you are not using ActiveRecord, you can remove this line.
-Dir.chdir('spec/dummy') do
- ActiveRecord::Migration.maintain_test_schema!
-end
-
-require_relative 'support/doorkeeper_configuration.rb'
-
-require 'factory_bot'
-FactoryBot.find_definitions
-
-RSpec.configure do |config|
- # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
- config.fixture_path = "#{::Rails.root}/spec/fixtures"
-
- # If you're not using ActiveRecord, or you'd prefer not to run each of your
- # examples within a transaction, remove the following line or assign false
- # instead of true.
- config.use_transactional_fixtures = true
-
- # Filter lines from Rails gems in backtraces.
- config.filter_rails_from_backtrace!
- # arbitrary gems may also be filtered via:
- # config.filter_gems_from_backtrace("gem name")
-
- config.include FactoryBot::Syntax::Methods
-
- # Reinitialize configuration after each example
- config.after do
- load Rails.root.join('config/initializers/doorkeeper.rb')
- load Rails.root.join('config/initializers/doorkeeper_openid_connect.rb')
- end
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/spec_helper.rb b/vendor/gems/doorkeeper-openid_connect/spec/spec_helper.rb
deleted file mode 100644
index b0b2a54d4b002..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/spec_helper.rb
+++ /dev/null
@@ -1,85 +0,0 @@
-# frozen_string_literal: true
-
-require 'pry-byebug'
-
-puts "====> Doorkeeper version: #{Doorkeeper::VERSION::STRING}"
-
-RSpec.configure do |config|
- # rspec-expectations config goes here. You can use an alternate
- # assertion/expectation library such as wrong or the stdlib/minitest
- # assertions if you prefer.
- config.expect_with :rspec do |expectations|
- # This option will default to `true` in RSpec 4. It makes the `description`
- # and `failure_message` of custom matchers include text for helper methods
- # defined using `chain`, e.g.:
- # be_bigger_than(2).and_smaller_than(4).description
- # # => "be bigger than 2 and smaller than 4"
- # ...rather than:
- # # => "be bigger than 2"
- expectations.include_chain_clauses_in_custom_matcher_descriptions = true
- end
-
- # rspec-mocks config goes here. You can use an alternate test double
- # library (such as bogus or mocha) by changing the `mock_with` option here.
- config.mock_with :rspec do |mocks|
- # Prevents you from mocking or stubbing a method that does not exist on
- # a real object. This is generally recommended, and will default to
- # `true` in RSpec 4.
- mocks.verify_partial_doubles = true
- end
-
- # This option will default to `:apply_to_host_groups` in RSpec 4 (and will
- # have no way to turn it off -- the option exists only for backwards
- # compatibility in RSpec 3). It causes shared context metadata to be
- # inherited by the metadata hash of host groups and examples, rather than
- # triggering implicit auto-inclusion in groups with matching metadata.
- config.shared_context_metadata_behavior = :apply_to_host_groups
-
- # The settings below are suggested to provide a good initial experience
- # with RSpec, but feel free to customize to your heart's content.
- # This allows you to limit a spec run to individual examples or groups
- # you care about by tagging them with `:focus` metadata. When nothing
- # is tagged with `:focus`, all examples get run. RSpec also provides
- # aliases for `it`, `describe`, and `context` that include `:focus`
- # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
- config.filter_run_when_matching :focus
-
- # Allows RSpec to persist some state between runs in order to support
- # the `--only-failures` and `--next-failure` CLI options. We recommend
- # you configure your source control system to ignore this file.
- config.example_status_persistence_file_path = 'spec/examples.txt'
-
- # Limits the available syntax to the non-monkey patched syntax that is
- # recommended. For more details, see:
- # - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
- # - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
- # - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
- # config.disable_monkey_patching!
-
- # Many RSpec users commonly either run the entire suite or an individual
- # file, and it's useful to allow more verbose output when running an
- # individual spec file.
- if config.files_to_run.one?
- # Use the documentation formatter for detailed output,
- # unless a formatter has already been configured
- # (e.g. via a command-line flag).
- config.default_formatter = 'doc'
- end
-
- # Print the 10 slowest examples and example groups at the
- # end of the spec run, to help surface which specs are running
- # particularly slow.
- # config.profile_examples = 10
-
- # Run specs in random order to surface order dependencies. If you find an
- # order dependency and want to debug it, you can fix the order by providing
- # the seed, which is printed after each run.
- # --seed 1234
- config.order = :random
-
- # Seed global randomization in this process using the `--seed` CLI option.
- # Setting this allows you to use `--seed` to deterministically reproduce
- # test failures related to randomization by passing the same `--seed` value
- # as the one that triggered the failure.
- Kernel.srand config.seed
-end
diff --git a/vendor/gems/doorkeeper-openid_connect/spec/support/doorkeeper_configuration.rb b/vendor/gems/doorkeeper-openid_connect/spec/support/doorkeeper_configuration.rb
deleted file mode 100644
index 5198a0b351443..0000000000000
--- a/vendor/gems/doorkeeper-openid_connect/spec/support/doorkeeper_configuration.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-# frozen_string_literal: true
-
-module DoorkeeperConfiguration
- def configure_doorkeeper(signing_key, signing_algorithm)
- Doorkeeper::OpenidConnect.configure do
- signing_key signing_key
-
- signing_algorithm signing_algorithm
-
- resource_owner_from_access_token do |access_token|
- User.find_by(id: access_token.resource_owner_id)
- end
-
- auth_time_from_resource_owner do |resource_owner|
- resource_owner.current_sign_in_at
- end
-
- subject do |resource_owner|
- resource_owner.id
- end
- end
- end
-
- def configure_ec
- signing_key = <<~EOL
- -----BEGIN EC PRIVATE KEY-----
- MIHbAgEBBEF9VcxGjPKczrJlE1N3oEpZsauQfDXIjLeini7h4/3+DOKw2VWE4lCU
- rNJJL65EHT+2TriRg2xSb0l0rK/MAFAFraAHBgUrgQQAI6GBiQOBhgAEAeYVvbl3
- zZcFCdE+0msqOowYODjzeXAhjsZKhdNjGlDREvko3UFOw6S43g+s8bvVBmBz3fCo
- dEzFRYQqJVI4UFvFAYJ7GYeBm/Fb6liN53xGASdbRSzF34h4BDSVYzjtQc7I+1LK
- 17fwwS3VfQCJwaT6zX33HTrhR4VoUEUJHKwR3dNs
- -----END EC PRIVATE KEY-----
- EOL
- configure_doorkeeper(signing_key, :ES512)
- end
-
- def configure_hmac
- configure_doorkeeper('the_greatest_secret_key', :HS512)
- end
-end
-
-RSpec.configure { |config| config.include DoorkeeperConfiguration }
--
GitLab