X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/76b45e5dde06f555c078dc0da91b268bfd560c7a..2f11b77309ee18aafb1bcce9dbe5bfc38a298bbb:/config/initializers/doorkeeper.rb diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 456bcf239..c1d4e2f78 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +require_relative "../../lib/oauth" + Doorkeeper.configure do # Change the ORM that doorkeeper will use (requires ORM extensions installed). # Check the list of supported ORMs here: https://github.com/doorkeeper-gem/doorkeeper#orms @@ -48,6 +50,8 @@ Doorkeeper.configure do # end # end + application_class "Oauth2Application" unless Settings.status == "database_offline" + # Enables polymorphic Resource Owner association for Access Tokens and Access Grants. # By default this option is disabled. # @@ -122,8 +126,8 @@ Doorkeeper.configure do # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383 # # You can not enable this option together with +hash_token_secrets+. - # - # reuse_access_token + + reuse_access_token # In case you enabled `reuse_access_token` option Doorkeeper will try to find matching # token using `matching_token_for` Access Token API that searches for valid records @@ -159,17 +163,17 @@ Doorkeeper.configure do # # Note: If you are already a user of doorkeeper and have existing tokens # in your installation, they will be invalid without adding 'fallback: :plain'. - - hash_token_secrets - + # + # hash_token_secrets # By default, token secrets will be hashed using the # +Doorkeeper::Hashing::SHA256+ strategy. # # If you wish to use another hashing implementation, you can override # this strategy as follows: - # - # hash_token_secrets using: '::Doorkeeper::Hashing::MyCustomHashImpl' - # + + hash_token_secrets :using => "::Doorkeeper::SecretStoring::Plain", + :fallback => "::Doorkeeper::SecretStoring::Sha256Hash" + # Keep in mind that changing the hashing function will invalidate all existing # secrets, if there are any. @@ -221,7 +225,7 @@ Doorkeeper.configure do # https://doorkeeper.gitbook.io/guides/ruby-on-rails/scopes # default_scopes :public - optional_scopes(*Oauth::SCOPES) + optional_scopes(*Oauth::SCOPES, *Oauth::PRIVILEGED_SCOPES, *Oauth::OAUTH2_SCOPES) # Allows to restrict only certain scopes for grant_type. # By default, all the scopes will be available for all the grant types. @@ -417,10 +421,10 @@ Doorkeeper.configure do # Under some circumstances you might want to have applications auto-approved, # so that the user skips the authorization step. # For example if dealing with a trusted application. - # - # skip_authorization do |resource_owner, client| - # client.superapp? or resource_owner.admin? - # end + + skip_authorization do |_, client| + client.scopes.include?("skip_authorization") + end # Configure custom constraints for the Token Introspection request. # By default this configuration option allows to introspect a token by another