From 31659bedbe22001bc304e5c7c92c7b67b87d74e2 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Sun, 28 Jan 2024 19:42:06 +0000 Subject: [PATCH] Allow registration of OAuth 1.0 applications to be disabled --- app/controllers/oauth_clients_controller.rb | 7 ++++++- app/views/oauth_clients/index.html.erb | 2 ++ config/locales/en.yml | 1 + config/settings.yml | 1 + .../controllers/oauth_clients_controller_test.rb | 16 ++++++++++++++++ test/test_helper.rb | 10 ++++++++++ 6 files changed, 36 insertions(+), 1 deletion(-) diff --git a/app/controllers/oauth_clients_controller.rb b/app/controllers/oauth_clients_controller.rb index 44dacde6d..42b0921f1 100644 --- a/app/controllers/oauth_clients_controller.rb +++ b/app/controllers/oauth_clients_controller.rb @@ -19,7 +19,12 @@ class OauthClientsController < ApplicationController end def new - @client_application = ClientApplication.new + if Settings.oauth_10_registration + @client_application = ClientApplication.new + else + flash[:error] = t ".disabled" + redirect_to :action => "index" + end end def edit diff --git a/app/views/oauth_clients/index.html.erb b/app/views/oauth_clients/index.html.erb index a08b3c0ff..b4c2558cf 100644 --- a/app/views/oauth_clients/index.html.erb +++ b/app/views/oauth_clients/index.html.erb @@ -42,4 +42,6 @@ <% end %> <% end %> +<% if Settings.oauth_10_registration -%> <%= link_to t(".register_new"), { :action => :new }, :class => "btn btn-outline-primary" %> +<% end -%> diff --git a/config/locales/en.yml b/config/locales/en.yml index aae35a788..6a3c880c4 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -2602,6 +2602,7 @@ en: oauth_clients: new: title: "Register a new application" + disabled: "Registration of OAuth 1 applications has been disabled" edit: title: "Edit your application" show: diff --git a/config/settings.yml b/config/settings.yml index 1c9c7e0a1..6eab4807e 100644 --- a/config/settings.yml +++ b/config/settings.yml @@ -97,6 +97,7 @@ attachments_dir: ":rails_root/public/attachments" basic_auth_support: true # Enable legacy OAuth 1.0 support oauth_10_support: true +oauth_10_registration: true # URL of Nominatim instance to use for geocoding nominatim_url: "https://nominatim.openstreetmap.org/" # Default editor diff --git a/test/controllers/oauth_clients_controller_test.rb b/test/controllers/oauth_clients_controller_test.rb index fb651ff3c..f106b4af6 100644 --- a/test/controllers/oauth_clients_controller_test.rb +++ b/test/controllers/oauth_clients_controller_test.rb @@ -74,6 +74,22 @@ class OauthClientsControllerTest < ActionDispatch::IntegrationTest end end + def test_new_disabled + user = create(:user) + + with_settings(:oauth_10_registration => false) do + get new_oauth_client_path(:display_name => user.display_name) + assert_response :redirect + assert_redirected_to login_path(:referer => new_oauth_client_path(:display_name => user.display_name)) + + session_for(user) + + get new_oauth_client_path(:display_name => user.display_name) + assert_response :redirect + assert_redirected_to oauth_clients_path(:display_name => user.display_name) + end + end + def test_create user = create(:user) diff --git a/test/test_helper.rb b/test/test_helper.rb index 222e65764..5bf8a5239 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -374,6 +374,16 @@ module ActiveSupport end end + def with_settings(settings) + saved_settings = Settings.to_hash.slice(*settings.keys) + + Settings.merge!(settings) + + yield + ensure + Settings.merge!(saved_settings) + end + def with_user_account_deletion_delay(value) freeze_time default_value = Settings.user_account_deletion_delay -- 2.39.5