diff --git a/app/controllers/api/v1/apps/credentials_controller.rb b/app/controllers/api/v1/apps/credentials_controller.rb
new file mode 100644
index 00000000000..e469c7d2104
--- /dev/null
+++ b/app/controllers/api/v1/apps/credentials_controller.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class Api::V1::Apps::CredentialsController < Api::BaseController
+ before_action -> { doorkeeper_authorize! :read }
+
+ respond_to :json
+
+ def show
+ render json: doorkeeper_token.application, serializer: REST::StatusSerializer::ApplicationSerializer
+ end
+end
diff --git a/app/controllers/api/v1/apps_controller.rb b/app/controllers/api/v1/apps_controller.rb
index 44a27b20a22..e9f7a7291c1 100644
--- a/app/controllers/api/v1/apps_controller.rb
+++ b/app/controllers/api/v1/apps_controller.rb
@@ -1,8 +1,6 @@
 # frozen_string_literal: true

 class Api::V1::AppsController < Api::BaseController
- respond_to :json
-
 def create
 @app = Doorkeeper::Application.create!(application_options)
 render json: @app, serializer: REST::ApplicationSerializer
diff --git a/config/routes.rb b/config/routes.rb
index ad2d8fca23d..de3c1e0f9c4 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -194,12 +194,17 @@ Rails.application.routes.draw do

 resources :follows, only: [:create]
 resources :media, only: [:create, :update]
- resources :apps, only: [:create]
 resources :blocks, only: [:index]
 resources :mutes, only: [:index]
 resources :favourites, only: [:index]
 resources :reports, only: [:index, :create]

+ namespace :apps do
+ get :verify_credentials, to: 'credentials#show'
+ end
+
+ resources :apps, only: [:create]
+
 resource :instance, only: [:show]
 resource :domain_blocks, only: [:show, :create, :destroy]

diff --git a/spec/controllers/api/v1/apps/credentials_controller_spec.rb b/spec/controllers/api/v1/apps/credentials_controller_spec.rb
new file mode 100644
index 00000000000..38f2a4e102a
--- /dev/null
+++ b/spec/controllers/api/v1/apps/credentials_controller_spec.rb
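Review bot: In `app/controllers/api/v1/apps/credentials_controller.rb`, `show` keeps the client credentials out of the response only through its choice of `REST::StatusSerializer::ApplicationSerializer` over the `REST::ApplicationSerializer` that `AppsController#create` renders with, and nothing in the controller records that this is deliberate. A comment above the `render` line such as `# Do not switch to REST::ApplicationSerializer: this endpoint must never return client_id or client_secret.` would keep a later cleanup from swapping the serializer and handing the secret to any holder of a `read`-scoped token. Because the serializer is nested under the status serializer, a field added there for status rendering would presumably show up in this response as well, so a dedicated serializer may be worth considering. If a token can exist without an application (not visible in this diff), `doorkeeper_token.application` would be nil and the action would render `null`; that case deserves a guard or a spec.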
@@ -0,0 +1,43 @@
+require 'rails_helper'
+
+describe Api::V1::Apps::CredentialsController do
+ render_views
+
+ let(:token) { Fabricate(:accessible_access_token, scopes: 'read', application: Fabricate(:application)) }
+
+ context 'with an oauth token' do
+ before do
+ allow(controller).to receive(:doorkeeper_token) { token }
+ end
+
+ describe 'GET #show' do
+ before do
+ get :show
+ end
+
+ it 'returns http success' do
+ expect(response).to have_http_status(:success)
+ end
+
+ it 'does not contain client credentials' do
+ json = body_as_json
+
+ expect(json).to_not have_key(:client_secret)
+ expect(json).to_not have_key(:client_id)
+ end
+ end
+ end
+
+ context 'without an oauth token' do
+ before do
+ allow(controller).to receive(:doorkeeper_token) { nil }
+ end
+
+ describe 'GET #show' do
+ it 'returns http unauthorized' do
+ get :show
+ expect(response).to have_http_status(:unauthorized)
+ end
+ end
+ end
+end
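Review bot: The 'does not contain client credentials' example makes only negative assertions, so it also passes when the response body is empty or when `body_as_json` (defined outside this diff) returns string keys rather than symbols. Pairing it with a positive check, e.g. `expect(json[:name]).to eq token.application.name` (assuming the serializer exposes the application name), would prove that the application was actually serialized before its fields are checked for absence. The spec also never exercises the scope requirement: a context whose token is fabricated with `scopes: 'write'` and which expects `have_http_status(:forbidden)` (the status Doorkeeper is expected to return for an insufficient scope) would pin the `doorkeeper_authorize! :read` guard in the controller.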