From d55c83f73d926368fbbc1becbf587ea9e7aaef43 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Fri, 25 Nov 2022 06:06:11 -0800
Subject: [PATCH] Update doorkeeper and doorkeeper-openid_connect gems

This is needed to prepare for adding PKCE support in
https://gitlab.com/gitlab-org/gitlab/-/issues/382340.

https://github.com/doorkeeper-gem/doorkeeper-openid_connect/pull/173
modified the initialization so that
`app/controllers/concerns/enforces_two_factor_authentication.rb` is
loaded before the Rails application is initialized, so we move the
`MFA_HELP_PAGE` constant into a method to avoid boot errors.

Diffs:
- https://my.diffend.io/gems/doorkeeper/5.5.0.rc2/5.5.4
- https://my.diffend.io/gems/doorkeeper-openid_connect/1.7.5/1.8.2

Changelog: changed
---
 Gemfile                                            |  4 ++--
 Gemfile.checksum                                   |  4 ++--
 Gemfile.lock                                       | 10 +++++-----
 .../concerns/enforces_two_factor_authentication.rb | 14 ++++++++------
 spec/controllers/graphql_controller_spec.rb        |  2 +-
 spec/requests/api/oauth_tokens_spec.rb             |  2 --
 6 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/Gemfile b/Gemfile
index 5ba154c0e6184..542603a312f6e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -52,8 +52,8 @@ gem 'declarative_policy', '~> 1.1.0'
 gem 'devise', '~> 4.8.1'
 gem 'devise-pbkdf2-encryptable', '~> 0.0.0', path: 'vendor/gems/devise-pbkdf2-encryptable'
 gem 'bcrypt', '~> 3.1', '>= 3.1.14'
-gem 'doorkeeper', '~> 5.5.0.rc2'
-gem 'doorkeeper-openid_connect', '~> 1.7.5'
+gem 'doorkeeper', '~> 5.5'
+gem 'doorkeeper-openid_connect', '~> 1.8'
 gem 'rexml', '~> 3.2.5'
 gem 'ruby-saml', '~> 1.13.0'
 gem 'omniauth', '~> 2.1.0'
diff --git a/Gemfile.checksum b/Gemfile.checksum
index bacb2c5459d89..f17b224f5907d 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -113,8 +113,8 @@
 {"name":"discordrb-webhooks","version":"3.4.2","platform":"ruby","checksum":"cfdba8a4b28236b6ab34e37389f881a59c241aeb5be0a4447249efd4e4383c6e"},
 {"name":"docile","version":"1.4.0","platform":"ruby","checksum":"5f1734bde23721245c20c3d723e76c104208e1aa01277a69901ce770f0ebb8d3"},
 {"name":"domain_name","version":"0.5.20190701","platform":"ruby","checksum":"000a600454cb4a344769b2f10b531765ea7bd3a304fe47ed12e5ca1eab969851"},
-{"name":"doorkeeper","version":"5.5.0.rc2","platform":"ruby","checksum":"93a322ffca3cadbfb862b0199f78674d8372780afdd7471e657064610bb7b2d5"},
-{"name":"doorkeeper-openid_connect","version":"1.7.5","platform":"ruby","checksum":"2dea201ffd9e4bec573609c90bb638254a48bfa3de3ec4af892ec64e0b5947b2"},
+{"name":"doorkeeper","version":"5.5.4","platform":"ruby","checksum":"7fe233a96f93bf0d5496e2284abf431f38ab465fd65d1972b90cbec7c45b1ea1"},
+{"name":"doorkeeper-openid_connect","version":"1.8.2","platform":"ruby","checksum":"48368db38e4a957d85ca5226775f228c08a18c03614ddd060d0287da75739cdd"},
 {"name":"dotenv","version":"2.7.6","platform":"ruby","checksum":"2451ed5e8e43776d7a787e51d6f8903b98e446146c7ad143d5678cc2c409d547"},
 {"name":"dry-configurable","version":"0.12.0","platform":"ruby","checksum":"87a9579a04dfbae73e401d694282800d64bbdb8631cb3e987bfb79b673df7c67"},
 {"name":"dry-container","version":"0.7.2","platform":"ruby","checksum":"a071824ba3451048b23500210f96a2b9facd6e46ac687f65e49c75d18786f6da"},
diff --git a/Gemfile.lock b/Gemfile.lock
index e6a9640c2040f..9e479dc250b2a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -363,10 +363,10 @@ GEM
     docile (1.4.0)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (5.5.0.rc2)
+    doorkeeper (5.5.4)
       railties (>= 5)
-    doorkeeper-openid_connect (1.7.5)
-      doorkeeper (>= 5.2, < 5.5)
+    doorkeeper-openid_connect (1.8.2)
+      doorkeeper (>= 5.5, < 5.7)
       json-jwt (>= 1.11.0)
     dotenv (2.7.6)
     dry-configurable (0.12.0)
@@ -1632,8 +1632,8 @@ DEPENDENCIES
   diff_match_patch (~> 0.1.0)
   diffy (~> 3.4)
   discordrb-webhooks (~> 3.4)
-  doorkeeper (~> 5.5.0.rc2)
-  doorkeeper-openid_connect (~> 1.7.5)
+  doorkeeper (~> 5.5)
+  doorkeeper-openid_connect (~> 1.8)
   ed25519 (~> 1.3.0)
   elasticsearch-api (= 7.13.3)
   elasticsearch-model (~> 7.2)
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb
index b1b6e21644e62..28e5bfa45290f 100644
--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -10,11 +10,6 @@
 module EnforcesTwoFactorAuthentication
   extend ActiveSupport::Concern
 
-  MFA_HELP_PAGE = Rails.application.routes.url_helpers.help_page_url(
-    'user/profile/account/two_factor_authentication.html',
-    anchor: 'enable-two-factor-authentication'
-  )
-
   included do
     before_action :check_two_factor_requirement, except: [:route_not_found]
 
@@ -33,7 +28,7 @@ def check_two_factor_requirement
       when GraphqlController
         render_error(
           _("Authentication error: enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}") %
-          { mfa_help_page: MFA_HELP_PAGE },
+          { mfa_help_page: mfa_help_page_url },
           status: :unauthorized
         )
       else
@@ -84,6 +79,13 @@ def skip_two_factor?
   def two_factor_verifier
     @two_factor_verifier ||= Gitlab::Auth::TwoFactorAuthVerifier.new(current_user) # rubocop:disable Gitlab/ModuleWithInstanceVariables
   end
+
+  def mfa_help_page_url
+    Rails.application.routes.url_helpers.help_page_url(
+      'user/profile/account/two_factor_authentication.html',
+      anchor: 'enable-two-factor-authentication'
+    )
+  end
 end
 
 EnforcesTwoFactorAuthentication.prepend_mod_with('EnforcesTwoFactorAuthentication')
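Review bot: `mfa_help_page_url` looks like a public instance method on a concern mixed into controllers, and the spec change in spec/controllers/graphql_controller_spec.rb calls it directly as `controller.mfa_help_page_url`. Rails treats public controller methods as candidate actions, so helpers like this are better kept off the public surface. Whether a `private` section is already in effect above `two_factor_verifier` is outside the hunk; if it is not, I would add `private :mfa_help_page_url` after the definition and have the spec call `controller.send(:mfa_help_page_url)`. The method also deserves a comment recording why it is not a constant, for example `# Built lazily: this concern can be loaded before the Rails application (and its routes) is initialized.`, so nobody folds it back into `MFA_HELP_PAGE`.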
diff --git a/spec/controllers/graphql_controller_spec.rb b/spec/controllers/graphql_controller_spec.rb
index fe8b02917338b..081e3169c3a37 100644
--- a/spec/controllers/graphql_controller_spec.rb
+++ b/spec/controllers/graphql_controller_spec.rb
@@ -191,7 +191,7 @@
 
         expected_message = "Authentication error: " \
         "enable 2FA in your profile settings to continue using GitLab: %{mfa_help_page}" %
-        { mfa_help_page: EnforcesTwoFactorAuthentication::MFA_HELP_PAGE }
+        { mfa_help_page: controller.mfa_help_page_url }
 
         expect(json_response).to eq({ 'errors' => [{ 'message' => expected_message }] })
       end
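Review bot: The expected message is built from `controller.mfa_help_page_url`, the same helper the controller uses to render the error, so this example cannot notice a wrong or empty help URL in the 2FA enforcement response. I would additionally pin the parts that matter, e.g. `expect(expected_message).to include('two_factor_authentication', 'enable-two-factor-authentication')`. The example begins outside the hunk, so the request setup and status assertion are not visible here.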
diff --git a/spec/requests/api/oauth_tokens_spec.rb b/spec/requests/api/oauth_tokens_spec.rb
index f07dcfcccd680..cb7024b716676 100644
--- a/spec/requests/api/oauth_tokens_spec.rb
+++ b/spec/requests/api/oauth_tokens_spec.rb
@@ -85,8 +85,6 @@ def request_oauth_token(user, headers = {})
 
         context 'with invalid credentials' do
           it 'does not create an access token' do
-            pending 'Enable this example after https://github.com/doorkeeper-gem/doorkeeper/pull/1488 is merged and released'
-
             user = create(:user)
 
             request_oauth_token(user, basic_auth_header(client.uid, 'invalid secret'))
-- 
GitLab