--- /dev/null
+# frozen_string_literal: true
+
+class Api::V1::Apps::CredentialsController < Api::BaseController
+ before_action -> { doorkeeper_authorize! :read }
+
+ respond_to :json
+
+ def show
+ render json: doorkeeper_token.application, serializer: REST::StatusSerializer::ApplicationSerializer
+ end
+end
# frozen_string_literal: true
class Api::V1::AppsController < Api::BaseController
- respond_to :json
-
def create
@app = Doorkeeper::Application.create!(application_options)
render json: @app, serializer: REST::ApplicationSerializer
resources :follows, only: [:create]
resources :media, only: [:create, :update]
- resources :apps, only: [:create]
resources :blocks, only: [:index]
resources :mutes, only: [:index]
resources :favourites, only: [:index]
resources :reports, only: [:index, :create]
+ namespace :apps do
+ get :verify_credentials, to: 'credentials#show'
+ end
+
+ resources :apps, only: [:create]
+
resource :instance, only: [:show]
resource :domain_blocks, only: [:show, :create, :destroy]
--- /dev/null
+require 'rails_helper'
+
+describe Api::V1::Apps::CredentialsController do
+ render_views
+
+ let(:token) { Fabricate(:accessible_access_token, scopes: 'read', application: Fabricate(:application)) }
+
+ context 'with an oauth token' do
+ before do
+ allow(controller).to receive(:doorkeeper_token) { token }
+ end
+
+ describe 'GET #show' do
+ before do
+ get :show
+ end
+
+ it 'returns http success' do
+ expect(response).to have_http_status(:success)
+ end
+
+ it 'does not contain client credentials' do
+ json = body_as_json
+
+ expect(json).to_not have_key(:client_secret)
+ expect(json).to_not have_key(:client_id)
+ end
+ end
+ end
+
+ context 'without an oauth token' do
+ before do
+ allow(controller).to receive(:doorkeeper_token) { nil }
+ end
+
+ describe 'GET #show' do
+ it 'returns http unauthorized' do
+ get :show
+ expect(response).to have_http_status(:unauthorized)
+ end
+ end
+ end
+end
cat aescling's git repositories / mastodon.git / commitdiff