Allow registration of OAuth 1.0 applications to be disabled

2024-01-28 19:42:06 +00:00 · 2024-01-28 19:42:06 +00:00 · 31659bedbe
commit 31659bedbe
parent 3ab9da6c6b
6 changed files with 36 additions and 1 deletions
--- a/app/controllers/oauth_clients_controller.rb
+++ b/app/controllers/oauth_clients_controller.rb
@ -19,7 +19,12 @@ class OauthClientsController < ApplicationController
  end

  def new
-    @client_application = ClientApplication.new
+    if Settings.oauth_10_registration
+      @client_application = ClientApplication.new
+    else
+      flash[:error] = t ".disabled"
+      redirect_to :action => "index"
+    end
  end

  def edit
--- a/app/views/oauth_clients/index.html.erb
+++ b/app/views/oauth_clients/index.html.erb
@ -42,4 +42,6 @@
  <% end %>
 </ul>
 <% end %>
+<% if Settings.oauth_10_registration -%>
 <%= link_to t(".register_new"), { :action => :new }, :class => "btn btn-outline-primary" %>
+<% end -%>
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -2602,6 +2602,7 @@ en:
  oauth_clients:
    new:
      title: "Register a new application"
+      disabled: "Registration of OAuth 1 applications has been disabled"
    edit:
      title: "Edit your application"
    show:
--- a/config/settings.yml
+++ b/config/settings.yml
@ -97,6 +97,7 @@ attachments_dir: ":rails_root/public/attachments"
 basic_auth_support: true
 # Enable legacy OAuth 1.0 support
 oauth_10_support: true
+oauth_10_registration: true
 # URL of Nominatim instance to use for geocoding
 nominatim_url: "https://nominatim.openstreetmap.org/"
 # Default editor
--- a/test/controllers/oauth_clients_controller_test.rb
+++ b/test/controllers/oauth_clients_controller_test.rb
@ -74,6 +74,22 @@ class OauthClientsControllerTest < ActionDispatch::IntegrationTest
    end
  end

+  def test_new_disabled
+    user = create(:user)
+
+    with_settings(:oauth_10_registration => false) do
+      get new_oauth_client_path(:display_name => user.display_name)
+      assert_response :redirect
+      assert_redirected_to login_path(:referer => new_oauth_client_path(:display_name => user.display_name))
+
+      session_for(user)
+
+      get new_oauth_client_path(:display_name => user.display_name)
+      assert_response :redirect
+      assert_redirected_to oauth_clients_path(:display_name => user.display_name)
+    end
+  end
+
  def test_create
    user = create(:user)

--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@ -374,6 +374,16 @@ module ActiveSupport
      end
    end

+    def with_settings(settings)
+      saved_settings = Settings.to_hash.slice(*settings.keys)
+
+      Settings.merge!(settings)
+
+      yield
+    ensure
+      Settings.merge!(saved_settings)
+    end
+
    def with_user_account_deletion_delay(value)
      freeze_time
      default_value = Settings.user_account_deletion_delay