From: Tom Hughes <tom@compton.nu>
Date: Fri, 30 Jul 2021 21:42:45 +0000 (+0100)
Subject: Add a privileged scope that allows authorization to be skipped
X-Git-Tag: live~2137^2~2
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/64604a852f941a2c30aef909073b4f6925c622fa

Add a privileged scope that allows authorization to be skipped
---

diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 32156b821..a96e6fd6c 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -419,10 +419,10 @@ Doorkeeper.configure do
   # Under some circumstances you might want to have applications auto-approved,
   # so that the user skips the authorization step.
   # For example if dealing with a trusted application.
-  #
-  # skip_authorization do |resource_owner, client|
-  #   client.superapp? or resource_owner.admin?
-  # end
+
+  skip_authorization do |_, client|
+    client.scopes.include?("skip_authorization")
+  end
 
   # Configure custom constraints for the Token Introspection request.
   # By default this configuration option allows to introspect a token by another
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 89a869683..9d280bf02 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -2343,6 +2343,7 @@ en:
       write_gpx: Upload GPS traces
       write_notes: Modify notes
       read_email: Read user email address
+      skip_authorization: Auto approve application
   oauth_clients:
     new:
       title: "Register a new application"
diff --git a/lib/oauth.rb b/lib/oauth.rb
index 07e54d858..7ff2ba8b4 100644
--- a/lib/oauth.rb
+++ b/lib/oauth.rb
@@ -1,6 +1,6 @@
 module Oauth
   SCOPES = %w[read_prefs write_prefs write_diary write_api read_gpx write_gpx write_notes].freeze
-  PRIVILEGED_SCOPES = %w[read_email].freeze
+  PRIVILEGED_SCOPES = %w[read_email skip_authorization].freeze
 
   class Scope
     attr_reader :name