3dd2f215
Commit
3dd2f215
authored
Aug 13, 2016
by
Jonne Haß
Committed by
GitHub
Aug 13, 2016
Merge pull request #6975 from cmrd-senya/6857-misscoped-destroy
[API] don't store ID tokens in DB
parents
9eea1b85
9546fddb
Showing
5 changed files
with
23 additions
and
30 deletions
+23
-30
app/controllers/api/openid_connect/authorizations_controller.rb
...ntrollers/api/openid_connect/authorizations_controller.rb
+0
-1
app/models/api/openid_connect/authorization.rb
app/models/api/openid_connect/authorization.rb
+1
-2
db/migrate/20160813115514_remove_id_tokens.rb
db/migrate/20160813115514_remove_id_tokens.rb
+7
-0
db/schema.rb
db/schema.rb
+1
-12
lib/api/openid_connect/id_token.rb
lib/api/openid_connect/id_token.rb
+14
-15
app/controllers/api/openid_connect/authorizations_controller.rb
...
...
@@ -53,7 +53,6 @@ module Api
def
reset_auth
(
auth
)
return
unless
auth
auth
.
o_auth_access_tokens
.
destroy_all
auth
.
id_tokens
.
destroy_all
auth
.
code_used
=
false
auth
.
save
end
...
...
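Review bot: `auth.save` on the last line of reset_auth discards its return value, so if a validation fails the `code_used = false` reset is silently lost while the access tokens have already been destroyed, and the caller never learns that the authorization is now half-reset; `auth.save!` (or acting on the boolean result) would surface that. reset_auth itself is fully inside the hunk, but the enclosing controller class begins and ends outside it.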
app/models/api/openid_connect/authorization.rb
...
...
@@ -12,7 +12,6 @@ module Api
serialize
:scopes
,
JSON
has_many
:o_auth_access_tokens
,
dependent: :destroy
has_many
:id_tokens
,
dependent: :destroy
before_validation
:setup
,
on: :create
...
...
@@ -50,7 +49,7 @@ module Api
end
def
create_id_token
id_tokens
.
create!
(
nonce:
nonce
)
IdToken
.
new
(
self
,
nonce
)
end
def
self
.
find_by_client_id_user_and_scopes
(
client_id
,
user
,
scopes
)
...
...
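Review bot: `create_id_token` now returns an unsaved `IdToken.new(self, nonce)`, so the `create_` prefix promises a persisted record that no longer exists; either rename it (`build_id_token`, updating callers) or document the contract with `# Mints a transient IdToken for this authorization; nothing is written to the database.` Since the `has_many :id_tokens` association is removed in the first hunk, any remaining caller of `authorization.id_tokens` outside this commit would now raise NoMethodError, which is worth a repository-wide search before merging. Both hunks sit inside a class whose header and footer are outside the view.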
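--- /dev/null
+++ b/db/migrate/20160813115514_remove_id_tokens.rb
@@ -0,0 +1,7 @@
+require_relative "20150714055110_create_id_tokens"
+
+class RemoveIdTokens < ActiveRecord::Migration
+  def change
+    revert CreateIdTokens
+  end
+end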
db/schema.rb
...
...
@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord
::
Schema
.
define
(
version:
2016081
02301
14
)
do
ActiveRecord
::
Schema
.
define
(
version:
2016081
31155
14
)
do
create_table
"account_deletions"
,
force: :cascade
do
|
t
|
t
.
string
"diaspora_handle"
,
limit:
255
...
...
@@ -160,16 +160,6 @@ ActiveRecord::Schema.define(version: 20160810230114) do
add_index
"conversations"
,
[
"author_id"
],
name:
"conversations_author_id_fk"
,
using: :btree
add_index
"conversations"
,
[
"guid"
],
name:
"index_conversations_on_guid"
,
unique:
true
,
length:
{
"guid"
=>
191
},
using: :btree
create_table
"id_tokens"
,
force: :cascade
do
|
t
|
t
.
integer
"authorization_id"
,
limit:
4
t
.
datetime
"expires_at"
t
.
string
"nonce"
,
limit:
255
t
.
datetime
"created_at"
,
null:
false
t
.
datetime
"updated_at"
,
null:
false
end
add_index
"id_tokens"
,
[
"authorization_id"
],
name:
"index_id_tokens_on_authorization_id"
,
using: :btree
create_table
"invitation_codes"
,
force: :cascade
do
|
t
|
t
.
string
"token"
,
limit:
255
t
.
integer
"user_id"
,
limit:
4
...
...
@@ -661,7 +651,6 @@ ActiveRecord::Schema.define(version: 20160810230114) do
add_foreign_key
"conversation_visibilities"
,
"conversations"
,
name:
"conversation_visibilities_conversation_id_fk"
,
on_delete: :cascade
add_foreign_key
"conversation_visibilities"
,
"people"
,
name:
"conversation_visibilities_person_id_fk"
,
on_delete: :cascade
add_foreign_key
"conversations"
,
"people"
,
column:
"author_id"
,
name:
"conversations_author_id_fk"
,
on_delete: :cascade
add_foreign_key
"id_tokens"
,
"authorizations"
add_foreign_key
"like_signatures"
,
"likes"
,
name:
"like_signatures_like_id_fk"
,
on_delete: :cascade
add_foreign_key
"like_signatures"
,
"signature_orders"
,
name:
"like_signatures_signature_orders_id_fk"
add_foreign_key
"likes"
,
"people"
,
column:
"author_id"
,
name:
"likes_author_id_fk"
,
on_delete: :cascade
...
...
app/models
/api/openid_connect/id_token.rb
→
lib
/api/openid_connect/id_token.rb
...
...
@@ -25,15 +25,12 @@ require "uri"
module
Api
module
OpenidConnect
class
IdToken
<
ActiveRecord
::
Base
belongs_to
:authorization
before_validation
:setup
,
on: :create
default_scope
{
where
(
"expires_at >= ?"
,
Time
.
zone
.
now
.
utc
)
}
def
setup
self
.
expires_at
=
30
.
minutes
.
from_now
class
IdToken
def
initialize
(
authorization
,
nonce
)
@authorization
=
authorization
@nonce
=
nonce
@created_at
=
Time
.
current
@expires_at
=
30
.
minutes
.
from_now
end
def
to_jwt
(
options
=
{})
...
...
@@ -42,6 +39,8 @@ module Api
end
end
private
def
to_response_object
(
options
=
{})
OpenIDConnect
::
ResponseObject
::
IdToken
.
new
(
claims
).
tap
do
|
id_token
|
id_token
.
code
=
options
[
:code
]
if
options
[
:code
]
...
...
@@ -54,17 +53,17 @@ module Api
@claims
||=
{
iss:
AppConfig
.
environment
.
url
,
sub:
sub
,
aud:
authorization
.
o_auth_application
.
client_id
,
exp:
expires_at
.
to_i
,
iat:
created_at
.
to_i
,
auth_time:
authorization
.
user
.
current_sign_in_at
.
to_i
,
nonce:
nonce
,
aud:
@
authorization
.
o_auth_application
.
client_id
,
exp:
@
expires_at
.
to_i
,
iat:
@
created_at
.
to_i
,
auth_time:
@
authorization
.
user
.
current_sign_in_at
.
to_i
,
nonce:
@
nonce
,
acr:
0
}
end
def
build_sub
Api
::
OpenidConnect
::
SubjectIdentifierCreator
.
create
(
authorization
)
Api
::
OpenidConnect
::
SubjectIdentifierCreator
.
create
(
@
authorization
)
end
end
end
...
...
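Review bot: In the new `initialize`, `@created_at = Time.current` and `@expires_at = 30.minutes.from_now` read the clock twice, so the `iat`/`exp` pair emitted from the claims hash can differ from exactly thirty minutes by the gap between the two calls; deriving one from the other, `@expires_at = @created_at + 30.minutes`, keeps the lifetime exact and is a natural place for a named constant such as `LIFETIME = 30.minutes`. In the claims hash, `auth_time: @authorization.user.current_sign_in_at.to_i` would silently emit 0 (the epoch) if `current_sign_in_at` were ever nil, so it is worth confirming that an authorized user always has that timestamp. OpenID Connect Core defines `acr` as a string, so the unchanged `acr: 0` is probably meant to be `acr: "0"`; that is pre-existing rather than introduced here. The class body and `to_jwt` continue outside the hunks, and the rendered view does not preserve which claims-hash lines are old and which are new.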