doorkeeper-gem / doorkeeper

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
https://doorkeeper.gitbook.io/guides/
MIT License

With enable_application_owner, issuing a token with grant_type=client_credentials does not associate the token with the owner #1580

Open Oromis opened 1 year ago

Oromis commented 1 year ago

Steps to reproduce

Expected behavior

If an application is associated with a resource owner, then tokens created from this application should inherit the application's owner as its resource owner. Otherwise, how can one assign a resource owner to an access token when using the client_credentials grant type?

Actual behavior

The access token is not associated with the resource owner, see screenshot above.

Maybe I misunderstood something here, in that case please enlighten me.

System configuration


Doorkeeper initializer:

# config/initializers/doorkeeper.rb
Doorkeeper.configure do
  orm :active_record

  resource_owner_authenticator do
    current_user || warden.authenticate!(scope: :user)
  end

  admin_authenticator do
    if current_user
      head :forbidden unless current_user.admin?
    else
      redirect_to new_user_session_url
    end
  end

  use_polymorphic_resource_owner

  enforce_content_type
  authorization_code_expires_in 10.minutes
  access_token_expires_in 1.hour

  hash_token_secrets
  hash_application_secrets
  hash_application_secrets using: '::Doorkeeper::SecretStoring::BCrypt'

  use_refresh_token
  enable_application_owner confirmation: true

  default_scopes
  optional_scopes Scopes.all

  enforce_configured_scopes
  client_credentials :from_params, :from_basic

  force_ssl_in_redirect_uri !Rails.env.development?
  allow_blank_redirect_uri true
  grant_flows %w[authorization_code client_credentials]
end

Ruby version: 2.7.3p183

Gemfile.lock:

Gemfile.lock content GIT remote: https://github.com/quorak/active_record-postgres-constraints.git revision: aa91422e869cdde215269214bc54e40f7f6fcd72 branch: support-rails-6.1 specs: active_record-postgres-constraints (0.2.3) pg rails (>= 5.0, <= 8.0) GIT remote: https://github.com/quorak/array_enum.git revision: bca5f44d1805989726a359ef63f7d35f6a5ec289 specs: array_enum (1.2.0) activemodel GIT remote: https://github.com/quorak/exception_notification.git revision: fcbb970f96269efe0f34f77c0c5ce2b137bdc085 branch: quorak-patch-module_parent_name specs: exception_notification (4.4.0) actionmailer (>= 4.0, < 7) activesupport (>= 4.0, < 7) GIT remote: https://github.com/quorak/jbuilder_cache_multi.git revision: b6cf2c7798b195f031fa7eb51dde1e17885d0d2f specs: jbuilder_cache_multi (0.1.0) jbuilder (>= 1.5.0, < 3) GEM remote: https://rubygems.org/ specs: action_policy (0.3.4) actioncable (6.1.5.1) actionpack (= 6.1.5.1) activesupport (= 6.1.5.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) actionmailbox (6.1.5.1) actionpack (= 6.1.5.1) activejob (= 6.1.5.1) activerecord (= 6.1.5.1) activestorage (= 6.1.5.1) activesupport (= 6.1.5.1) mail (>= 2.7.1) actionmailer (6.1.5.1) actionpack (= 6.1.5.1) actionview (= 6.1.5.1) activejob (= 6.1.5.1) activesupport (= 6.1.5.1) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) actionpack (6.1.5.1) actionview (= 6.1.5.1) activesupport (= 6.1.5.1) rack (~> 2.0, >= 2.0.9) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) actiontext (6.1.5.1) actionpack (= 6.1.5.1) activerecord (= 6.1.5.1) activestorage (= 6.1.5.1) activesupport (= 6.1.5.1) nokogiri (>= 1.8.5) actionview (6.1.5.1) activesupport (= 6.1.5.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) active_model_validates_intersection_of (3.0.0) activemodel (>= 5.0.0) active_storage_validations (0.8.9) rails (>= 5.2.0) activejob (6.1.5.1) activesupport (= 6.1.5.1) globalid (>= 0.3.6) activemodel 
(6.1.5.1) activesupport (= 6.1.5.1) activerecord (6.1.5.1) activemodel (= 6.1.5.1) activesupport (= 6.1.5.1) activestorage (6.1.5.1) actionpack (= 6.1.5.1) activejob (= 6.1.5.1) activerecord (= 6.1.5.1) activesupport (= 6.1.5.1) marcel (~> 1.0) mini_mime (>= 1.1.0) activestorage-openstack (1.5.1) fog-openstack (~> 1.0) marcel rails (>= 5.2.2) activesupport (6.1.5.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) zeitwerk (~> 2.3) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) ahoy_matey (3.2.0) activesupport (>= 5) device_detector geocoder (>= 1.4.5) safely_block (>= 0.2.1) annotate (3.1.1) activerecord (>= 3.2, < 7.0) rake (>= 10.4, < 14.0) ansi (1.5.0) api-pagination (5.0.0) ast (2.4.2) azure-storage-blob (2.0.3) azure-storage-common (~> 2.0) nokogiri (~> 1, >= 1.10.8) azure-storage-common (2.0.4) faraday (~> 1.0) faraday_middleware (~> 1.0, >= 1.0.0.rc1) net-http-persistent (~> 4.0) nokogiri (~> 1, >= 1.10.8) babel-source (5.8.35) babel-transpiler (0.7.0) babel-source (>= 4.0, < 6) execjs (~> 2.0) bcrypt (3.1.17) better_html (1.0.16) actionview (>= 4.0) activesupport (>= 4.0) ast (~> 2.0) erubi (~> 1.4) html_tokenizer (~> 0.0.6) parser (>= 2.4) smart_properties bindex (0.8.1) biz (1.8.2) clavius (~> 1.0) tzinfo bootsnap (1.11.1) msgpack (~> 1.2) brakeman (4.10.1) builder (3.2.4) bullet (7.0.1) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) bundler-audit (0.9.0.1) bundler (>= 1.2.0, < 3) thor (~> 1.0) byebug (11.1.3) cairo (1.17.5) native-package-installer (>= 1.0.3) pkg-config (>= 1.2.2) red-colors cairo-gobject (3.4.4) cairo (>= 1.16.2) glib2 (= 3.4.4) capybara (3.36.0) addressable matrix mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) chewy (7.2.5) activesupport (>= 5.2) elasticsearch (>= 7.12.0, < 7.14.0) elasticsearch-dsl childprocess (4.1.0) chunky_png (1.4.0) circuitbox (1.1.1) activesupport moneta city-state (0.0.13) rubyzip (~> 1.1) 
clavius (1.0.4) coderay (1.1.3) concurrent-ruby (1.1.10) connection_pool (2.2.5) countries (3.1.0) i18n_data (~> 0.11.0) sixarm_ruby_unaccent (~> 1.1) unicode_utils (~> 1.4) country_select (4.0.0) countries (~> 3.0) sort_alphabetical (~> 1.0) crass (1.0.6) declarative (0.0.20) deepl-rb (2.5.1) device_detector (1.0.5) devise (4.8.1) bcrypt (~> 3.0) orm_adapter (~> 0.1) railties (>= 4.1.0) responders warden (~> 1.2.3) devise-jwt (0.9.0) devise (~> 4.0) warden-jwt_auth (~> 0.6) devise_invitable (2.0.5) actionmailer (>= 5.0) devise (>= 4.6) digest-crc (0.6.3) rake (>= 12.0.0, < 14.0.0) discard (1.2.0) activerecord (>= 4.2, < 7) docile (1.4.0) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) doorkeeper (5.5.4) railties (>= 5) dotenv (2.7.6) dotenv-rails (2.7.6) dotenv (= 2.7.6) railties (>= 3.2) dry-auto_inject (0.9.0) dry-container (>= 0.3.4) dry-configurable (0.15.0) concurrent-ruby (~> 1.0) dry-core (~> 0.6) dry-container (0.9.0) concurrent-ruby (~> 1.0) dry-configurable (~> 0.13, >= 0.13.0) dry-core (0.7.1) concurrent-ruby (~> 1.0) dry-inflector (0.2.1) dry-initializer (3.1.1) dry-logic (1.2.0) concurrent-ruby (~> 1.0) dry-core (~> 0.5, >= 0.5) dry-schema (1.9.1) concurrent-ruby (~> 1.0) dry-configurable (~> 0.13, >= 0.13.0) dry-core (~> 0.5, >= 0.5) dry-initializer (~> 3.0) dry-logic (~> 1.0) dry-types (~> 1.5) dry-types (1.5.1) concurrent-ruby (~> 1.0) dry-container (~> 0.3) dry-core (~> 0.5, >= 0.5) dry-inflector (~> 0.1, >= 0.1.2) dry-logic (~> 1.0, >= 1.0.2) dry-validation (1.8.0) concurrent-ruby (~> 1.0) dry-container (~> 0.7, >= 0.7.1) dry-core (~> 0.5, >= 0.5) dry-initializer (~> 3.0) dry-schema (~> 1.9, >= 1.9.1) elastic-apm (4.1.0) concurrent-ruby (~> 1.0) http (>= 3.0) elasticsearch (7.13.3) elasticsearch-api (= 7.13.3) elasticsearch-transport (= 7.13.3) elasticsearch-api (7.13.3) multi_json elasticsearch-dsl (0.1.10) elasticsearch-transport (7.13.3) faraday (~> 1) multi_json errbase (0.2.1) erubi (1.10.0) et-orbi (1.2.7) tzinfo ethon (0.14.0) ffi (>= 
1.15.0) excon (0.83.0) execjs (2.8.1) factory_bot (5.2.0) activesupport (>= 4.2.0) factory_bot_rails (5.2.0) factory_bot (~> 5.2.0) railties (>= 4.2.0) faker (2.18.0) i18n (>= 1.6, < 2) faraday (1.10.0) faraday-em_http (~> 1.0) faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) faraday-httpclient (~> 1.0) faraday-multipart (~> 1.0) faraday-net_http (~> 1.0) faraday-net_http_persistent (~> 1.0) faraday-patron (~> 1.0) faraday-rack (~> 1.0) faraday-retry (~> 1.0) ruby2_keywords (>= 0.0.4) faraday-em_http (1.0.0) faraday-em_synchrony (1.0.0) faraday-excon (1.1.0) faraday-httpclient (1.0.1) faraday-multipart (1.0.3) multipart-post (>= 1.2, < 3) faraday-net_http (1.0.1) faraday-net_http_persistent (1.2.0) faraday-patron (1.0.0) faraday-rack (1.0.0) faraday-retry (1.0.3) faraday_middleware (1.2.0) faraday (~> 1.0) ffi (1.15.5) ffi-compiler (1.0.1) ffi (>= 1.0.0) rake fog-core (2.2.4) builder excon (~> 0.71) formatador (~> 0.2) mime-types fog-json (1.2.0) fog-core multi_json (~> 1.10) fog-openstack (1.0.11) fog-core (~> 2.1) fog-json (>= 1.0) ipaddress (>= 0.8) formatador (0.3.0) fugit (1.5.3) et-orbi (~> 1, >= 1.2.7) raabro (~> 1.4) geocoder (1.6.7) gio2 (3.4.4) gobject-introspection (= 3.4.4) glib2 (3.4.4) native-package-installer (>= 1.0.3) pkg-config (>= 1.3.5) globalid (1.0.0) activesupport (>= 5.0) gobject-introspection (3.4.4) glib2 (= 3.4.4) google-apis-core (0.4.0) addressable (~> 2.5, >= 2.5.1) googleauth (>= 0.16.2, < 2.a) httpclient (>= 2.8.1, < 3.a) mini_mime (~> 1.0) representable (~> 3.0) retriable (>= 2.0, < 4.a) rexml webrick google-apis-iamcredentials_v1 (0.5.0) google-apis-core (>= 0.3, < 2.a) google-apis-storage_v1 (0.5.0) google-apis-core (>= 0.3, < 2.a) google-cloud-core (1.6.0) google-cloud-env (~> 1.0) google-cloud-errors (~> 1.0) google-cloud-env (1.5.0) faraday (>= 0.17.3, < 2.0) google-cloud-errors (1.1.0) google-cloud-storage (1.32.0) addressable (~> 2.5) digest-crc (~> 0.4) google-apis-iamcredentials_v1 (~> 0.1) google-apis-storage_v1 (~> 
0.1) google-cloud-core (~> 1.6) googleauth (>= 0.16.2, < 2.a) mini_mime (~> 1.0) googleauth (0.16.2) faraday (>= 0.17.3, < 2.0) jwt (>= 1.4, < 3.0) memoist (~> 0.16) multi_json (~> 1.11) os (>= 0.9, < 2.0) signet (~> 0.14) has_scope (0.8.0) actionpack (>= 5.2) activesupport (>= 5.2) hashie (5.0.0) health_bit (0.1.8) rack highline (2.0.3) holidays (8.4.1) html_tokenizer (0.0.7) http (5.0.1) addressable (~> 2.3) http-cookie (~> 1.0) http-form_data (~> 2.2) llhttp-ffi (~> 0.3.0) http-cookie (1.0.4) domain_name (~> 0.5) http-form_data (2.3.0) http_accept_language (2.1.1) httparty (0.18.1) mime-types (~> 3.0) multi_xml (>= 0.5.2) httpclient (2.8.3) i18n (1.11.0) concurrent-ruby (~> 1.0) i18n-js (3.8.3) i18n (>= 0.6.6) i18n-tasks (1.0.11) activesupport (>= 4.0.2) ast (>= 2.1.0) better_html (~> 1.0) erubi highline (>= 2.0.0) i18n parser (>= 2.2.3.0) rails-i18n rainbow (>= 2.2.2, < 4.0) terminal-table (>= 1.5.1) i18n_data (0.11.0) ice_cube (0.16.3) image_processing (1.12.2) mini_magick (>= 4.9.5, < 5) ruby-vips (>= 2.0.17, < 3) inherited_resources (1.13.0) actionpack (>= 5.2, < 6.2) has_scope (~> 0.6) railties (>= 5.2, < 6.2) responders (>= 2, < 4) ipaddress (0.8.3) jbuilder (2.11.2) activesupport (>= 5.0.0) js-routes (1.4.14) railties (>= 4) jwt (2.3.0) kaminari (1.2.1) activesupport (>= 4.1.0) kaminari-actionview (= 1.2.1) kaminari-activerecord (= 1.2.1) kaminari-core (= 1.2.1) kaminari-actionview (1.2.1) actionview kaminari-core (= 1.2.1) kaminari-activerecord (1.2.1) activerecord kaminari-core (= 1.2.1) kaminari-core (1.2.1) launchy (2.5.0) addressable (~> 2.7) letter_opener (1.7.0) launchy (~> 2.2) letter_opener_web (1.4.0) actionmailer (>= 3.2) letter_opener (~> 1.0) railties (>= 3.2) listen (3.1.5) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) llhttp-ffi (0.3.1) ffi-compiler (~> 1.0) rake (~> 13.0) lograge (0.11.2) actionpack (>= 4) activesupport (>= 4) railties (>= 4) request_store (~> 1.0) logstash-event (1.2.02) logstash-logger 
(0.26.1) logstash-event (~> 1.2) loofah (2.18.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) mini_mime (>= 0.1.1) marcel (1.0.2) matrix (0.4.2) memoist (0.16.2) method_source (1.0.0) mime-types (3.3.1) mime-types-data (~> 3.2015) mime-types-data (3.2021.0225) mini_magick (4.11.0) mini_mime (1.1.2) mini_portile2 (2.8.0) minitest (5.15.0) minitest-reporters (1.4.3) ansi builder minitest (>= 5.0) ruby-progressbar minitest-retry (0.2.2) minitest (>= 5.0) minitest-stub_any_instance (1.0.2) moneta (1.4.2) mry (0.78.0.0) rubocop (>= 0.41.0) msgpack (1.5.1) multi_json (1.15.0) multi_xml (0.6.0) multipart-post (2.1.1) native-package-installer (1.1.1) net-http-persistent (4.0.1) connection_pool (~> 2.2) nio4r (2.5.8) nokogiri (1.13.6) mini_portile2 (~> 2.8.0) racc (~> 1.4) oauth2 (1.4.7) faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) oj (3.12.0) olive_branch (4.0.0) multi_json rails (>= 4.0) omniauth (1.9.1) hashie (>= 3.4.6) rack (>= 1.6.2, < 3) omniauth-azure-oauth2 (0.0.10) jwt (>= 1.0, < 3.0) omniauth (~> 1.0) omniauth-oauth2 (~> 1.4) omniauth-linkedin-oauth2 (1.0.0) omniauth-oauth2 omniauth-oauth2 (1.7.1) oauth2 (~> 1.4) omniauth (>= 1.9, < 3) omniauth-rails_csrf_protection (0.1.2) actionpack (>= 4.2) omniauth (>= 1.3.1) operator_recordable (1.0.0) activerecord (>= 5.0) orm_adapter (0.5.0) os (1.1.1) paper_trail (11.1.0) activerecord (>= 5.2) request_store (~> 1.1) parallel (1.20.1) parser (3.0.1.1) ast (~> 2.4.1) pg (1.2.3) pg_search (2.3.5) activerecord (>= 5.2) activesupport (>= 5.2) pkg-config (1.4.6) poppler (3.4.4) cairo-gobject (= 3.4.4) gio2 (= 3.4.4) posthog-ruby (1.2.0) pretender (0.4.0) actionpack (>= 5.2) pry (0.14.1) coderay (~> 1.1) method_source (~> 1.0) public_suffix (4.0.7) puma (5.6.4) nio4r (~> 2.0) pundit (2.1.0) activesupport (>= 3.0.0) raabro (1.4.0) racc (1.6.0) rack (2.2.4) rack-proxy (0.7.0) rack rack-test (2.0.2) rack (>= 1.3) rails (6.1.5.1) actioncable (= 6.1.5.1) actionmailbox (= 
6.1.5.1) actionmailer (= 6.1.5.1) actionpack (= 6.1.5.1) actiontext (= 6.1.5.1) actionview (= 6.1.5.1) activejob (= 6.1.5.1) activemodel (= 6.1.5.1) activerecord (= 6.1.5.1) activestorage (= 6.1.5.1) activesupport (= 6.1.5.1) bundler (>= 1.15.0) railties (= 6.1.5.1) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.4.3) loofah (~> 2.3) rails-i18n (6.0.0) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 7) railties (6.1.5.1) actionpack (= 6.1.5.1) activesupport (= 6.1.5.1) method_source rake (>= 12.2) thor (~> 1.0) rainbow (3.0.0) rake (13.0.6) rb-fsevent (0.11.0) rb-inotify (0.10.1) ffi (~> 1.0) react-rails (2.6.2) babel-transpiler (>= 0.7.0) connection_pool execjs railties (>= 3.2) tilt red-colors (0.3.0) matrix redis (4.6.0) redis-namespace (1.8.1) redis (>= 3.0.4) regexp_parser (2.3.0) representable (3.1.1) declarative (< 0.1.0) trailblazer-option (>= 0.1.1, < 0.2.0) uber (< 0.2.0) request_store (1.5.0) rack (>= 1.4) request_store-sidekiq (0.1.0) request_store (>= 1.3) sidekiq (>= 3.0) responders (3.0.1) actionpack (>= 5.0) railties (>= 5.0) retriable (3.1.2) rexml (3.2.5) rqrcode (1.2.0) chunky_png (~> 1.0) rqrcode_core (~> 0.2) rqrcode_core (0.2.0) rubocop (0.91.1) parallel (~> 1.10) parser (>= 2.7.1.1) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 1.7) rexml rubocop-ast (>= 0.4.0, < 1.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 1.4.0, < 2.0) rubocop-ast (0.8.0) parser (>= 2.7.1.5) rubocop-minitest (0.13.0) rubocop (>= 0.90, < 2.0) rubocop-performance (1.10.2) rubocop (>= 0.90.0, < 2.0) rubocop-ast (>= 0.4.0) rubocop-rails (2.9.1) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 0.90.0, < 2.0) rubocop-thread_safety (0.4.2) rubocop (>= 0.53.0) ruby-graphviz (1.2.5) rexml ruby-progressbar (1.11.0) ruby-vips (2.1.4) ffi (~> 1.12) ruby2_keywords (0.0.5) ruby_dep (1.5.0) rubyzip (1.3.0) safely_block (0.3.0) errbase (>= 0.1.1) sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) rb-fsevent 
(~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) sass-rails (5.1.0) railties (>= 5.2.0) sass (~> 3.1) sprockets (>= 2.8, < 4.0) sprockets-rails (>= 2.0, < 4.0) tilt (>= 1.1, < 3) selenium-webdriver (4.1.0) childprocess (>= 0.5, < 5.0) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2) semantic_range (3.0.0) sentry-rails (4.5.2) railties (>= 5.0) sentry-ruby-core (~> 4.5.0) sentry-ruby (4.5.2) concurrent-ruby (~> 1.0, >= 1.0.2) faraday (>= 1.0) sentry-ruby-core (= 4.5.2) sentry-ruby-core (4.5.2) concurrent-ruby faraday sentry-sidekiq (4.5.2) sentry-ruby-core (~> 4.5.0) sidekiq (6.4.2) connection_pool (>= 2.2.2) rack (~> 2.0) redis (>= 4.2.0) sidekiq-cron (1.3.0) fugit (>= 1.1) sidekiq (>= 4.2.1) sidekiq_alive (2.1.5) sidekiq webrick signet (0.15.0) addressable (~> 2.3) faraday (>= 0.17.3, < 2.0) jwt (>= 1.5, < 3.0) multi_json (~> 1.10) simple_form (5.1.0) actionpack (>= 5.2) activemodel (>= 5.2) simplecov (0.21.2) docile (~> 1.1) simplecov-html (~> 0.11) simplecov_json_formatter (~> 0.1) simplecov-cobertura (2.1.0) rexml simplecov (~> 0.19) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) sixarm_ruby_unaccent (1.2.0) slack-notifier (2.4.0) smart_properties (1.17.0) sort_alphabetical (1.1.0) unicode_utils (>= 1.2.2) spring (2.1.1) spring-watcher-listen (2.0.1) listen (>= 2.7, < 4.0) spring (>= 1.2, < 3.0) sprockets (3.7.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.4.2) actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) state_machines (0.5.0) state_machines-activemodel (0.8.0) activemodel (>= 5.1) state_machines (>= 0.5.0) state_machines-activerecord (0.8.0) activerecord (>= 5.1) state_machines-activemodel (>= 0.8.0) state_machines-graphviz (0.0.2) ruby-graphviz state_machines terminal-table (3.0.2) unicode-display_width (>= 1.1.1, < 3) thor (1.2.1) tilt (2.0.10) trailblazer-option (0.1.1) ts_routes (1.0.3) railties (>= 4.0) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) typhoeus (1.4.0) ethon (>= 0.9.0) tzinfo 
(2.0.4) concurrent-ruby (~> 1.0) tzinfo-data (1.2021.1) tzinfo (>= 1.0.0) uber (0.1.0) unf (0.1.4) unf_ext unf_ext (0.0.7.7) unicode-display_width (1.7.0) unicode_utils (1.4.0) uniform_notifier (1.16.0) warden (1.2.9) rack (>= 2.0.9) warden-jwt_auth (0.6.0) dry-auto_inject (~> 0.8) dry-configurable (~> 0.13) jwt (~> 2.1) warden (~> 1.2) web-console (4.1.0) actionview (>= 6.0.0) activemodel (>= 6.0.0) bindex (>= 0.4.0) railties (>= 6.0.0) webdrivers (5.0.0) nokogiri (~> 1.6) rubyzip (>= 1.3.0) selenium-webdriver (~> 4.0) webpacker (5.4.0) activesupport (>= 5.2) rack-proxy (>= 0.6.1) railties (>= 5.2) semantic_range (>= 2.3.0) webrick (1.7.0) websocket-driver (0.7.5) websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) with_advisory_lock (4.6.0) activerecord (>= 4.2) xpath (3.2.0) nokogiri (~> 1.8) zeitwerk (2.6.0) PLATFORMS ruby DEPENDENCIES action_policy (~> 0.3.2) active_model_validates_intersection_of active_record-postgres-constraints! active_storage_validations (~> 0.8.5) activestorage-openstack (~> 1.4) ahoy_matey (~> 3.0) annotate api-pagination (~> 5.0) array_enum! azure-storage-blob (~> 2.0) biz bootsnap (>= 1.4.2) brakeman (~> 4.10.0) bullet bundler-audit byebug capybara (>= 2.15) chewy (~> 7.2) circuitbox (~> 1.1) city-state (= 0.0.13) country_select (~> 4.0) deepl-rb devise (~> 4.7) devise-jwt devise_invitable (~> 2.0) discard (~> 1.2) doorkeeper (~> 5.5) dotenv-rails dry-validation (~> 1.5) elastic-apm exception_notification! factory_bot_rails (~> 5.2.0) faker google-cloud-storage (~> 1.11) has_scope health_bit holidays http_accept_language (~> 2.1) httparty i18n-js i18n-tasks (~> 1.0) ice_cube (~> 0.16.3) image_processing (~> 1.9) inherited_resources (~> 1.11) jbuilder (~> 2.7) jbuilder_cache_multi! 
js-routes (~> 1.4.14) kaminari letter_opener_web listen (>= 3.0.5, < 3.2) lograge logstash-event logstash-logger minitest (= 5.15.0) minitest-reporters minitest-retry minitest-stub_any_instance mry multi_json (~> 1.11) oj olive_branch omniauth (~> 1.9) omniauth-azure-oauth2 (~> 0.0.10) omniauth-linkedin-oauth2 omniauth-rails_csrf_protection (~> 0.1) operator_recordable paper_trail (~> 11.1) pg pg_search poppler (~> 3.4) posthog-ruby pretender (~> 0.4.0) pry puma (>= 5.6.4) pundit (~> 2.1) rails (~> 6.1) rails-i18n (~> 6.0) react-rails (~> 2.6) redis (~> 4.1) redis-namespace (~> 1.8) request_store (~> 1.5) request_store-sidekiq (~> 0.1.0) responders (~> 3.0) rqrcode (~> 1.1) rubocop (~> 0.91.1) rubocop-minitest rubocop-performance rubocop-rails rubocop-thread_safety sass-rails (~> 5) sentry-rails sentry-ruby sentry-sidekiq sidekiq (~> 6.4) sidekiq-cron (~> 1.1) sidekiq_alive (~> 2.0) simple_form simplecov-cobertura slack-notifier spring spring-watcher-listen (~> 2.0.0) state_machines-activerecord (~> 0.8.0) state_machines-graphviz ts_routes (~> 1.0) turbolinks (~> 5) typhoeus tzinfo-data web-console (>= 3.3.0) webdrivers webpacker (~> 5.0) with_advisory_lock (~> 4.6) RUBY VERSION ruby 2.7.3p183 BUNDLED WITH 2.2.32
stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

gottfrois commented 1 year ago

I was wondering the exact same thing here as per the oauth.com website mention:

The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user.

Ksm125 commented 6 months ago

This issue is coming from OAuth::ClientCredentials::Creator#call where we have

Doorkeeper.config.access_token_model.create_for(
  application: application,
  resource_owner: nil,
  scopes: scopes,
  **attributes,
)

we should have something like

Doorkeeper.config.access_token_model.create_for(
  application: application,
  resource_owner: Doorkeeper.config.enable_application_owner? ? application&.owner : nil,
  scopes: scopes,
  **attributes,
)

ThisIsMissEm commented 4 months ago

I was wondering the exact same thing here as per the oauth.com website mention:

The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user.

This quote is correct: Access Tokens that are Client Credentials access resources on behalf of the client, and not a user. That is, even if the Application belongs to a user, the client credential only belongs to the application, not to the owner of that application.

fredplante commented 4 months ago

I stumbled upon this today, and it looks like a bug to me:

What's the point of having an application owner if that's not for allowing to associate the application owner as a token resource owner when using client credentials?

I agree the spec outlines that client credentials are used to access their own resources, but it doesn't mean much. OAuth applications do not have resources per se. They typically belong to someone/something (the owner), and the owner is the real resource owner.

Typical usage is a website where a user can create an oauth application to access their data using client_credential flow, in a server to server scenario.

If an API uses both authorization_code & client_credentials grant flows, you have to use this:

class Api::TransactionsController < Api::BaseController
  def index
    @transactions = resource_owner.transactions
  end

  private

  def resource_owner
    if doorkeeper_token.resource_owner.present?
      doorkeeper_token.resource_owner # token created using authorization_code
    else
      doorkeeper_token.application.owner # token created using client_credentials
    end
  end
end

Maybe I'm missing something, happy to discuss

ThisIsMissEm commented 4 months ago

The specifications for OAuth 2.0 are extremely clear here: client credentials act on behalf of the application, not the user.

Unless you have resources that should only be accessed by the application, e.g., to manipulate the application registration, then you probably don't need the client_credentials grant type.

The fact that an application may be owned by a user account doesn't mean the application should be granted full access to the creator's account through usage of client_credentials, and in fact, that'd be a major security issue potentially.

fredplante commented 4 months ago

@ThisIsMissEm Thank you for your answer, I'm ready to change my mind about this 🙂 Can you explain a bit what would be the security issue here, in the context of the example I gave: a user creates an OAuth app, owned only by them. The app would be used only for server to server communications.

And what would you recommend as an alternative? Access tokens used, similar to GitHub personal tokens?

ThisIsMissEm commented 4 months ago

Yes, you'd want to use access tokens for that purpose, if you really need to use OAuth at all for it.

e.g., you don't have to wait until a 2-legged oauth flow to issue access tokens (or authorization grants)

But client_credentials have a very specific purpose which is to access resources on behalf of the application, not the user.
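The two positions in this thread (Ksm125's proposed change and fredplante's controller fallback, which both make a client_credentials token reach the application owner's data, versus ThisIsMissEm's point that such a token acts only for the application) can be run side by side. The following is an added illustration written for this page, not Doorkeeper's code: plain Ruby structs stand in for Doorkeeper's application and access token models, `issue_client_credentials_token`, `issue_user_token`, `transactions_for` and `application_record_for` are hypothetical names, and the users, application and transactions are constructed sample data.

```ruby
# Added illustration (not Doorkeeper's code): plain Ruby objects standing in
# for Doorkeeper's Application / AccessToken models so the two policies from
# the thread can be compared offline. All names below are assumptions.

User = Struct.new(:id, :name)
Transaction = Struct.new(:id, :user_id, :amount)

# An OAuth application registered by a user (its "owner").
Application = Struct.new(:uid, :name, :owner)

# An access token; resource_owner is nil for an application-only token.
AccessToken = Struct.new(:token, :application, :resource_owner, :scopes, :grant) do
  def acts_for_user?
    !resource_owner.nil?
  end
end

# Issues a client_credentials token. inherit_owner: true mirrors the change
# proposed in the thread (the token takes the application's owner);
# inherit_owner: false mirrors the current behaviour (resource_owner nil).
def issue_client_credentials_token(application, scopes:, inherit_owner: false)
  AccessToken.new(
    "cc-#{application.uid}-#{scopes.join('+')}",
    application,
    inherit_owner ? application.owner : nil,
    scopes,
    :client_credentials,
  )
end

# Issues a token bound directly to a user: a personal access token or the
# result of an authorization_code flow. This is the route the thread
# recommends when a server-to-server job needs the user's own data.
def issue_user_token(user, application, scopes:)
  AccessToken.new("user-#{user.id}-#{scopes.join('+')}", application, user, scopes, :personal)
end

# Resource-server policy: a user's transactions are visible only to a token
# issued to that user and carrying the right scope. A token without a
# resource_owner is acting as the application and gets no user data.
def transactions_for(token, transactions)
  return [] unless token.acts_for_user?
  return [] unless token.scopes.include?("transactions:read")

  transactions.select { |t| t.user_id == token.resource_owner.id }
end

# Application-level resource: the application's own registration record,
# which is what a client_credentials token is meant to reach.
def application_record_for(token)
  return nil unless token.scopes.include?("application:read")

  { uid: token.application.uid, name: token.application.name }
end

# Constructed sample data (not taken from the page).
ALICE = User.new(1, "alice")
BOB = User.new(2, "bob")
ALICES_APP = Application.new("app-1", "Alice's reporting job", ALICE)
TRANSACTIONS = [
  Transaction.new(10, ALICE.id, 100),
  Transaction.new(11, BOB.id, 250),
  Transaction.new(12, ALICE.id, 30),
].freeze

def demo
  inherit = issue_client_credentials_token(ALICES_APP, scopes: ["transactions:read"], inherit_owner: true)
  strict = issue_client_credentials_token(ALICES_APP, scopes: ["transactions:read", "application:read"])
  personal = issue_user_token(ALICE, ALICES_APP, scopes: ["transactions:read"])

  {
    # proposed change: anyone holding the client secret now reads Alice's data
    inherited_owner_rows: transactions_for(inherit, TRANSACTIONS).map(&:id),
    # current behaviour: the same grant reaches no user data at all ...
    strict_rows: transactions_for(strict, TRANSACTIONS).map(&:id),
    # ... but can still read the application's own record
    strict_app_record: application_record_for(strict),
    # a token issued to the user is what the server-to-server case should use
    personal_rows: transactions_for(personal, TRANSACTIONS).map(&:id),
  }
end

puts demo.inspect
```

The point the comparison makes concrete: under the inherited-owner policy the client secret alone is equivalent to Alice's credentials for every scope the token carries, whereas a separately issued user token keeps that access tied to a grant the user made deliberately and can revoke on its own.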