Update doorkeeper i18n for invalid code challenge method (#37827)

7 days ago · 2cb8471d81
parent 1618c28a48
commit 2cb8471d81
2 changed files with 19 additions and 17 deletions
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@ -83,7 +83,10 @@ en:
        access_denied: The resource owner or authorization server denied the request.
        credential_flow_not_configured: Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.
        invalid_client: Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.
-        invalid_code_challenge_method: The code challenge method must be S256, plain is unsupported.
+        invalid_code_challenge_method:
+          one: The code_challenge_method must be %{challenge_methods}.
+          other: The code_challenge_method must be one of %{challenge_methods}.
+          zero: The authorization server does not support PKCE as there are no accepted code_challenge_method values.
        invalid_grant: The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
        invalid_redirect_uri: The redirect uri included is not valid.
        invalid_request:
--- a/spec/system/oauth_spec.rb
+++ b/spec/system/oauth_spec.rb
@ -98,28 +98,27 @@ RSpec.describe 'Using OAuth from an external app' do
      context 'when using plain code challenge method' do
        let(:pkce_code_challenge_method) { 'plain' }

-        it 'does not include the PKCE values in the response' do
+        it 'shows an error message and does not include the PKCE values or authorize button' do
          subject

-          expect(page).to have_no_css('.oauth-prompt input[name=code_challenge]')
-          expect(page).to have_no_css('.oauth-prompt input[name=code_challenge_method]')
-        end
-
-        it 'does not include the authorize button' do
-          subject
-
-          expect(page).to have_no_css('.oauth-prompt button[type="submit"]')
-        end
-
-        it 'includes an error message' do
-          subject
+          expect(page)
+            .to have_no_css('.oauth-prompt input[name=code_challenge]')
+            .and have_no_css('.oauth-prompt input[name=code_challenge_method]')
+            .and have_no_css('.oauth-prompt button[type="submit"]')

          within '.form-container .flash-message' do
-            # FIXME: Replace with doorkeeper.errors.messages.invalid_code_challenge_method.one for Doorkeeper > 5.8.0
-            # see: https://github.com/doorkeeper-gem/doorkeeper/pull/1747
-            expect(page).to have_content(I18n.t('doorkeeper.errors.messages.invalid_code_challenge_method'))
+            expect(page)
+              .to have_content(doorkeeper_invalid_code_message)
          end
        end
+
+        def doorkeeper_invalid_code_message
+          I18n.t(
+            'doorkeeper.errors.messages.invalid_code_challenge_method',
+            challenge_methods: Doorkeeper.configuration.pkce_code_challenge_methods.join(', '),
+            count: Doorkeeper.configuration.pkce_code_challenge_methods.length
+          )
+        end
      end

      context 'when the user has yet to enable TOTP' do