Configuration to enforce application scopes #1010
Conversation
|
|
||
| click_button 'Submit' | ||
| i_should_see 'Application created' | ||
| i_should_see 'My Application' |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| fill_in 'doorkeeper_application[scopes]', with: '' | ||
|
|
||
| click_button 'Submit' | ||
| i_should_see 'Application created' |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| with: 'https://example.com' | ||
| fill_in 'doorkeeper_application[scopes]', with: '' | ||
|
|
||
| click_button 'Submit' |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| fill_in 'doorkeeper_application[name]', with: 'My Application' | ||
| fill_in 'doorkeeper_application[redirect_uri]', | ||
| with: 'https://example.com' | ||
| fill_in 'doorkeeper_application[scopes]', with: '' |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
|
|
||
| fill_in 'doorkeeper_application[name]', with: 'My Application' | ||
| fill_in 'doorkeeper_application[redirect_uri]', | ||
| with: 'https://example.com' |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| fill_in 'doorkeeper_application[name]', with: 'My Application' | ||
| fill_in 'doorkeeper_application[redirect_uri]', | ||
| with: 'https://example.com' | ||
| fill_in 'doorkeeper_application[scopes]', with: 'blahblah' |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
|
|
||
| fill_in 'doorkeeper_application[name]', with: 'My Application' | ||
| fill_in 'doorkeeper_application[redirect_uri]', | ||
| with: 'https://example.com' |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| config_is_set('enforce_configured_scopes', true) | ||
|
|
||
| fill_in 'doorkeeper_application[name]', with: 'My Application' | ||
| fill_in 'doorkeeper_application[redirect_uri]', |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| scenario 'adding app validating bad scope' do | ||
| config_is_set('enforce_configured_scopes', true) | ||
|
|
||
| fill_in 'doorkeeper_application[name]', with: 'My Application' |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| end | ||
|
|
||
| scenario 'adding app validating bad scope' do | ||
| config_is_set('enforce_configured_scopes', true) |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| feature 'Adding applications' do | ||
| context 'in application form' do | ||
| feature "Adding applications" do | ||
| context "in application form" do |
|
|
||
| feature 'Adding applications' do | ||
| context 'in application form' do | ||
| feature "Adding applications" do |
| @@ -1,94 +1,132 @@ | |||
| require 'spec_helper_integration' | |||
| require "spec_helper_integration" | |||
There was a problem hiding this comment.
Missing magic comment # frozen_string_literal: true.
| validates_each :scopes, if: :validate_configured_scopes? do |record, attr, value| | ||
| value_str = value.to_s | ||
| record.errors.add attr, :invalid_scope unless value_str.blank? or | ||
| ScopeChecker.valid?(value_str, Doorkeeper.configuration.scopes) |
There was a problem hiding this comment.
Align the operands of a condition in an unless statement spanning multiple lines.
| @@ -14,6 +14,12 @@ module ApplicationMixin | |||
| validates :uid, uniqueness: true | |||
| validates :redirect_uri, redirect_uri: true | |||
|
|
|||
| validates_each :scopes, if: :validate_configured_scopes? do |record, attr, value| | |||
| value_str = value.to_s | |||
| record.errors.add attr, :invalid_scope unless value_str.blank? or | |||
| @@ -14,6 +14,12 @@ module ApplicationMixin | |||
| validates :uid, uniqueness: true | |||
| validates :redirect_uri, redirect_uri: true | |||
|
|
|||
| validates_each :scopes, if: :validate_configured_scopes? do |record, attr, value| | |||
talklittle
force-pushed
the
validate-application-scopes-configured
branch
from
12d0977 to
b5b20c8
Compare
|
|
||
| fill_in 'doorkeeper_application[name]', with: 'My Application' | ||
| fill_in 'doorkeeper_application[redirect_uri]', | ||
| with: 'https://example.com' |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| with: 'https://example.com' | ||
| fill_in 'doorkeeper_application[scopes]', with: 'blahblah' | ||
|
|
||
| click_button 'Submit' |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
| fill_in 'doorkeeper_application[name]', with: 'My Application' | ||
| fill_in 'doorkeeper_application[redirect_uri]', | ||
| with: 'https://example.com' | ||
| fill_in 'doorkeeper_application[scopes]', with: 'blahblah' |
There was a problem hiding this comment.
Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
talklittle
force-pushed
the
validate-application-scopes-configured
branch
2 times, most recently
from
a1592d0 to
750f361
Compare
talklittle
force-pushed
the
validate-application-scopes-configured
branch
from
750f361 to
08ae385
Compare
|
@nbulaj Rebased to fix conflicts with master. |
talklittle
force-pushed
the
validate-application-scopes-configured
branch
from
08ae385 to
558f167
Compare
not yet merged into Doorkeeper as of 4.3.0, so temporarily pointing to a git branch. see doorkeeper-gem/doorkeeper#1010
nbulaj
force-pushed
the
master
branch
3 times, most recently
from
14903a4 to
54e8345
Compare
talklittle
force-pushed
the
validate-application-scopes-configured
branch
from
558f167 to
d4782e8
Compare
not yet merged into Doorkeeper as of 4.3.1, so temporarily pointing to a git branch. see doorkeeper-gem/doorkeeper#1010
| @@ -12,6 +12,14 @@ class Application < ActiveRecord::Base | |||
| validates :uid, uniqueness: true | |||
| validates :redirect_uri, redirect_uri: true | |||
|
|
|||
| validates_each :scopes, if: :enforce_scopes? do |record, attr, value| | |||
There was a problem hiding this comment.
Let's move it it from the validates_each to validate with custom method or just validate with a block (because validates_each is responsible for processing bunch of attributes, but we process only one - scopes).
| @@ -12,6 +12,14 @@ class Application < ActiveRecord::Base | |||
| validates :uid, uniqueness: true | |||
| validates :redirect_uri, redirect_uri: true | |||
|
|
|||
| validates_each :scopes, if: :enforce_scopes? do |record, attr, value| | |||
| valstr = value.to_s | |||
There was a problem hiding this comment.
No need to do to_s because ActiveModel / ActiveRecord already done type-casting for us.
| @@ -12,6 +12,14 @@ class Application < ActiveRecord::Base | |||
| validates :uid, uniqueness: true | |||
| validates :redirect_uri, redirect_uri: true | |||
|
|
|||
| validates_each :scopes, if: :enforce_scopes? do |record, attr, value| | |||
| valstr = value.to_s | |||
| unless valstr.blank? || | |||
There was a problem hiding this comment.
Lets rewrite it to if - unless with more than one condition is hard to read and maintain.
| end | ||
|
|
||
| scenario "adding app validating scope, blank scope is accepted" do | ||
| config_is_set("enforce_configured_scopes", true) |
There was a problem hiding this comment.
Let's add a test with multiple scopes to be sure everything is OK
|
Hi @talklittle . Could you please take an attention to my comments below? Also could you please add an entry to NEWS.md file and squash all the commits to a single one? Thanks! |
talklittle
force-pushed
the
validate-application-scopes-configured
branch
from
d4782e8 to
588890c
Compare
|
|
||
| scenario "adding app validating scope, bad scope with multiple scopes configured" do | ||
| config_is_set("enforce_configured_scopes", true) | ||
| config_is_set("optional_scopes", Doorkeeper::OAuth::Scopes.from_array(["read", "write", "admin"])) |
There was a problem hiding this comment.
Use %w or %W for an array of words.
|
|
||
| scenario "adding app validating scope, multiple scopes configured" do | ||
| config_is_set("enforce_configured_scopes", true) | ||
| config_is_set("optional_scopes", Doorkeeper::OAuth::Scopes.from_array(["read", "write", "admin"])) |
There was a problem hiding this comment.
Use %w or %W for an array of words.
| @@ -41,5 +43,15 @@ def generate_uid | |||
| def generate_secret | |||
| self.secret = UniqueToken.generate if secret.blank? | |||
| end | |||
|
|
|||
| def validate_configured_scopes | |||
| if !scopes.blank? && !ScopeChecker.valid?(scopes.to_s, Doorkeeper.configuration.scopes) | |||
talklittle
force-pushed
the
validate-application-scopes-configured
branch
from
588890c to
69c5a33
Compare
|
|
||
| def validate_configured_scopes | ||
| if !scopes.blank? && | ||
| !ScopeChecker.valid?(scopes.to_s, Doorkeeper.configuration.scopes) |
There was a problem hiding this comment.
Align the operands of a condition in an if statement spanning multiple lines.
|
|
||
| def validate_configured_scopes | ||
| if !scopes.blank? && | ||
| !ScopeChecker.valid?(scopes.to_s, Doorkeeper.configuration.scopes) |
There was a problem hiding this comment.
Align the operands of a condition in an if statement spanning multiple lines.
talklittle
force-pushed
the
validate-application-scopes-configured
branch
from
69c5a33 to
80b8e06
Compare
|
@nbulaj Thanks for review. Applied your feedback. |
talklittle
force-pushed
the
validate-application-scopes-configured
branch
from
80b8e06 to
bcb29d3
Compare
|
Thank you @talklittle 👍 |
not yet merged into Doorkeeper as of 4.3.1, so temporarily pointing to a git branch. see doorkeeper-gem/doorkeeper#1010
Fixes #1009