From e4ce1c5f2fa76ecb4a5d3bdf36fab7f6f389f881 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Thu, 1 Jul 2021 16:26:17 +0100
Subject: [PATCH] Check that the permission is non-zero

Fixes #3241
---
 app/controllers/oauth_controller.rb | 2 +-
 test/integration/oauth_test.rb      | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb
index babd27c53..7ab7f6835 100644
--- a/app/controllers/oauth_controller.rb
+++ b/app/controllers/oauth_controller.rb
@@ -27,7 +27,7 @@ class OauthController < ApplicationController
     any_auth = false
 
     @token.client_application.permissions.each do |pref|
-      if params[pref]
+      if params[pref].to_i.nonzero?
         @token.write_attribute(pref, true)
         any_auth ||= true
       else
diff --git a/test/integration/oauth_test.rb b/test/integration/oauth_test.rb
index 1505cb34a..579941774 100644
--- a/test/integration/oauth_test.rb
+++ b/test/integration/oauth_test.rb
@@ -68,7 +68,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,
-                      :allow_read_prefs => true, :allow_write_prefs => true }
+                      :allow_read_prefs => "1", :allow_write_prefs => "1" }
     if client.callback_url
       assert_response :redirect
       assert_redirected_to "#{client.callback_url}?oauth_token=#{token.token}"
@@ -151,7 +151,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token, :oauth_callback => callback_url,
-                      :allow_write_api => true, :allow_read_gpx => true }
+                      :allow_write_api => "1", :allow_read_gpx => "1" }
     assert_response :redirect
     assert_redirected_to "#{callback_url}?oauth_token=#{token.token}"
     token.reload
@@ -198,7 +198,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,
-                      :allow_read_prefs => true, :allow_write_prefs => true }
+                      :allow_read_prefs => "1", :allow_write_prefs => "1" }
     if client.callback_url
       assert_response :redirect
       verifier = parse_verifier(response)
@@ -257,7 +257,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,
-                      :allow_write_api => true, :allow_read_gpx => true }
+                      :allow_write_api => "1", :allow_read_gpx => "1" }
     assert_response :redirect
     verifier = parse_verifier(response)
     assert_redirected_to "#{callback_url}?oauth_token=#{token.token}&oauth_verifier=#{verifier}"
-- 
2.39.5