authorEmelia Smith <ThisIsMissEm@users.noreply.github.com>2024-04-23 13:47:00 +0200
committerGitHub <noreply@github.com>2024-04-23 11:47:00 +0000
commit049b159beb672ca50b239a2275f78870ee7787da (patch)
tree03528c7b145f7177f465bd52fe0160273f8e9010
parentd754b15afb01dfbccb25ca1a4d01127a7c0ac919 (diff)
Add read:me OAuth 2.0 scope, allowing more limited access to user data (#29087)
-rw-r--r--app/controllers/api/v1/accounts/credentials_controller.rb2
-rw-r--r--config/initializers/doorkeeper.rb1
-rw-r--r--config/locales/doorkeeper.en.yml1
-rw-r--r--spec/requests/api/v1/accounts/credentials_spec.rb14
4 files changed, 17 insertions, 1 deletions
diff --git a/app/controllers/api/v1/accounts/credentials_controller.rb b/app/controllers/api/v1/accounts/credentials_controller.rb
index 8f31336b9f8..e8f712457ee 100644
--- a/app/controllers/api/v1/accounts/credentials_controller.rb
+++ b/app/controllers/api/v1/accounts/credentials_controller.rb
@@ -1,7 +1,7 @@
# frozen_string_literal: true
class Api::V1::Accounts::CredentialsController < Api::BaseController
- before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, except: [:update]
+ before_action -> { doorkeeper_authorize! :read, :'read:accounts', :'read:me' }, except: [:update]
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
before_action :require_user!
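Review bot: The first `before_action` now accepts `read:me`, but nothing in this hunk narrows what the non-update actions return, so a token holding only `read:me` appears to get the same response as one holding `read:accounts`. The serializer behind this endpoint is not visible here; if it returns more than basic profile fields, the consent text added in doorkeeper.en.yml ("read only your account's basic information") understates what the application receives. I would confirm the payload is acceptable for this scope and record the decision above the line, e.g. `# read:me receives the same response as read:accounts here; the scope limits which endpoints accept the token, not the fields returned`. The class body continues outside the hunk.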
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 428e4739139..1e8f9ad5061 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -89,6 +89,7 @@ Doorkeeper.configure do
:'write:reports',
:'write:statuses',
:read,
+ :'read:me',
:'read:accounts',
:'read:blocks',
:'read:bookmarks',
diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index 0432a5e3fb0..98776f2193f 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -174,6 +174,7 @@ en:
read:filters: see your filters
read:follows: see your follows
read:lists: see your lists
+ read:me: read only your account's basic information
read:mutes: see your mutes
read:notifications: see your notifications
read:reports: see your reports
diff --git a/spec/requests/api/v1/accounts/credentials_spec.rb b/spec/requests/api/v1/accounts/credentials_spec.rb
index 737348c2ddd..8ae9c78a0e5 100644
--- a/spec/requests/api/v1/accounts/credentials_spec.rb
+++ b/spec/requests/api/v1/accounts/credentials_spec.rb
@@ -28,6 +28,20 @@ RSpec.describe 'credentials API' do
locked: true,
})
end
+
+ describe 'allows the read:me scope' do
+ let(:scopes) { 'read:me' }
+
+ it 'returns the response successfully' do
+ subject
+
+ expect(response).to have_http_status(200)
+
+ expect(body_as_json).to include({
+ locked: true,
+ })
+ end
+ end
end
describe 'PATCH /api/v1/accounts/update_credentials' do
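Review bot: The added example only exercises the accepting path, checking that a `read:me` token gets a 200 with `locked: true`. Because the scope exists to limit access, a rejecting example belongs next to it: in the PATCH block that follows, `let(:scopes) { 'read:me' }` with `expect(response).to have_http_status(403)` would pin that the new scope cannot reach the write action. The single `locked: true` assertion also does not establish which fields the scope exposes, so a later serializer change would pass unnoticed. The enclosing `describe` blocks start and end outside the hunk.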