Fix #5104 - GET /api/v1/apps/verify_credentials to confirm app works (#5112)

6 년 전 · eb605141ff
--- a/app/controllers/api/v1/apps/credentials_controller.rb
+++ b/app/controllers/api/v1/apps/credentials_controller.rb
@@ -0,0 +1,11 @@
 # frozen_string_literal: true

 class Api::V1::Apps::CredentialsController < Api::BaseController
  before_action -> { doorkeeper_authorize! :read }

  respond_to :json

  def show
    render json: doorkeeper_token.application, serializer: REST::StatusSerializer::ApplicationSerializer
  end
 end
--- a/app/controllers/api/v1/apps_controller.rb
+++ b/app/controllers/api/v1/apps_controller.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true

 class Api::V1::AppsController < Api::BaseController
  respond_to :json

  def create
    @app = Doorkeeper::Application.create!(application_options)
    render json: @app, serializer: REST::ApplicationSerializer
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -194,12 +194,17 @@ Rails.application.routes.draw do

      resources :follows,    only: [:create]
      resources :media,      only: [:create, :update]
      resources :apps,       only: [:create]
      resources :blocks,     only: [:index]
      resources :mutes,      only: [:index]
      resources :favourites, only: [:index]
      resources :reports,    only: [:index, :create]

      namespace :apps do
        get :verify_credentials, to: 'credentials#show'
      end

      resources :apps, only: [:create]

      resource :instance,      only: [:show]
      resource :domain_blocks, only: [:show, :create, :destroy]

--- a/spec/controllers/api/v1/apps/credentials_controller_spec.rb
+++ b/spec/controllers/api/v1/apps/credentials_controller_spec.rb
@@ -0,0 +1,43 @@
 require 'rails_helper'

 describe Api::V1::Apps::CredentialsController do
  render_views

  let(:token) { Fabricate(:accessible_access_token, scopes: 'read', application: Fabricate(:application)) }

  context 'with an oauth token' do
    before do
      allow(controller).to receive(:doorkeeper_token) { token }
    end

    describe 'GET #show' do
      before do
        get :show
      end

      it 'returns http success' do
        expect(response).to have_http_status(:success)
      end

      it 'does not contain client credentials' do
        json = body_as_json

        expect(json).to_not have_key(:client_secret)
        expect(json).to_not have_key(:client_id)
      end
    end
  end

  context 'without an oauth token' do
    before do
      allow(controller).to receive(:doorkeeper_token) { nil }
    end

    describe 'GET #show' do
      it 'returns http unauthorized' do
        get :show
        expect(response).to have_http_status(:unauthorized)
      end
    end
  end
 end