Add read:me OAuth 2.0 scope, allowing more limited access to user data (#29087)

Emelia Smith 2024-04-23 13:47:00 +02:00 committed by GitHub
parent d754b15afb
commit 049b159beb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 17 additions and 1 deletions


@ -1,7 +1,7 @@
# frozen_string_literal: true
class Api::V1::Accounts::CredentialsController < Api::BaseController
before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, except: [:update]
before_action -> { doorkeeper_authorize! :read, :'read:accounts', :'read:me' }, except: [:update]
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
before_action :require_user!
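Review bot: Adding `:'read:me'` to this filter gives a token holding only that scope the same response as one holding `read:accounts` on every action except `update`, because the scopes passed to `doorkeeper_authorize!` are alternatives. The locale string in this commit promises "only your account's basic information", but the actions and their serializer are outside the hunk, so it is worth confirming that the payload carries nothing beyond what that wording covers. A comment above the filter would record the intent, e.g. `# read:me: narrowest scope able to read the caller's own account; do not accept it on other account endpoints`. The class body continues outside the hunk.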


@ -89,6 +89,7 @@ Doorkeeper.configure do
:'write:reports',
:'write:statuses',
:read,
:'read:me',
:'read:accounts',
:'read:blocks',
:'read:bookmarks',


@ -174,6 +174,7 @@ en:
read:filters: see your filters
read:follows: see your follows
read:lists: see your lists
read:me: read only your account's basic information
read:mutes: see your mutes
read:notifications: see your notifications
read:reports: see your reports


@ -28,6 +28,20 @@ RSpec.describe 'credentials API' do
locked: true,
})
end
describe 'allows the read:me scope' do
let(:scopes) { 'read:me' }
it 'returns the response successfully' do
subject
expect(response).to have_http_status(200)
expect(body_as_json).to include({
locked: true,
})
end
end
end
describe 'PATCH /api/v1/accounts/update_credentials' do
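Review bot: The new example proves only that a `read:me` token is accepted on the GET endpoint; nothing here checks that it is refused elsewhere, which is the property a narrower scope exists to provide. A matching negative example in the `PATCH /api/v1/accounts/update_credentials` group would pin that down: `let(:scopes) { 'read:me' }` followed by `expect(response).to have_http_status(403)`. The positive example also asserts just `locked: true`, so it would not notice if the set of fields returned under this scope changed. The PATCH group's body is outside the hunk.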