Support multiple redirect_uris when creating OAuth 2.0 Applications (#29192)

2024-05-17 15:46:12 +02:00
parent 12472e7f40
commit 2da2a1dae9
7 changed files with 201 additions and 25 deletions
--- a/spec/requests/api/v1/apps/credentials_spec.rb
+++ b/spec/requests/api/v1/apps/credentials_spec.rb
@@ -20,14 +20,26 @@ describe 'Credentials' do

        expect(body_as_json).to match(
          a_hash_including(
+            id: token.application.id.to_s,
            name: token.application.name,
            website: token.application.website,
-            vapid_key: Rails.configuration.x.vapid_public_key,
            scopes: token.application.scopes.map(&:to_s),
-            client_id: token.application.uid
+            redirect_uris: token.application.redirect_uris,
+            # Deprecated properties as of 4.3:
+            redirect_uri: token.application.redirect_uri.split.first,
+            vapid_key: Rails.configuration.x.vapid_public_key
          )
        )
      end
+
+      it 'does not expose the client_id or client_secret' do
+        subject
+
+        expect(response).to have_http_status(200)
+
+        expect(body_as_json[:client_id]).to_not be_present
+        expect(body_as_json[:client_secret]).to_not be_present
+      end
    end

    context 'with a non-read scoped oauth token' do
@@ -46,11 +58,14 @@ describe 'Credentials' do

        expect(body_as_json).to match(
          a_hash_including(
+            id: token.application.id.to_s,
            name: token.application.name,
            website: token.application.website,
-            vapid_key: Rails.configuration.x.vapid_public_key,
            scopes: token.application.scopes.map(&:to_s),
-            client_id: token.application.uid
+            redirect_uris: token.application.redirect_uris,
+            # Deprecated properties as of 4.3:
+            redirect_uri: token.application.redirect_uri.split.first,
+            vapid_key: Rails.configuration.x.vapid_public_key
          )
        )
      end