gnh1201/mastodon
1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2025-07-15 08:48:15 +00:00
Code Issues Actions 15 Packages Projects Releases Wiki Activity

Assert usage of client credentials for account registration (#34828)
Some checks failed
Bundler Audit / security (push) Waiting to run
Details
Check i18n / check-i18n (push) Waiting to run
Details
CodeQL / Analyze (javascript) (push) Waiting to run
Details
CodeQL / Analyze (ruby) (push) Waiting to run
Details
Check formatting / lint (push) Waiting to run
Details
Haml Linting / lint (push) Waiting to run
Details
Ruby Linting / lint (push) Waiting to run
Details
Historical data migration test / test (14-alpine) (push) Waiting to run
Details
Historical data migration test / test (15-alpine) (push) Waiting to run
Details
Historical data migration test / test (16-alpine) (push) Waiting to run
Details
Historical data migration test / test (17-alpine) (push) Waiting to run
Details
Ruby Testing / build (production) (push) Waiting to run
Details
Ruby Testing / build (test) (push) Waiting to run
Details
Ruby Testing / test (.ruby-version) (push) Blocked by required conditions
Details
Ruby Testing / test (3.2) (push) Blocked by required conditions
Details
Ruby Testing / test (3.3) (push) Blocked by required conditions
Details
Ruby Testing / ImageMagick tests (.ruby-version) (push) Blocked by required conditions
Details
Ruby Testing / ImageMagick tests (3.2) (push) Blocked by required conditions
Details
Ruby Testing / ImageMagick tests (3.3) (push) Blocked by required conditions
Details
Ruby Testing / End to End testing (.ruby-version) (push) Blocked by required conditions
Details
Ruby Testing / End to End testing (3.2) (push) Blocked by required conditions
Details
Ruby Testing / End to End testing (3.3) (push) Blocked by required conditions
Details
Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions
Details
Ruby Testing / Elastic Search integration testing (.ruby-version, docker.elastic.co/elasticsearch/elasticsearch:8.10.2) (push) Blocked by required conditions
Details
Ruby Testing / Elastic Search integration testing (.ruby-version, opensearchproject/opensearch:2) (push) Blocked by required conditions
Details
Ruby Testing / Elastic Search integration testing (3.2, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions
Details
Ruby Testing / Elastic Search integration testing (3.3, docker.elastic.co/elasticsearch/elasticsearch:7.17.13) (push) Blocked by required conditions
Details
CSS Linting / lint (push) Has been cancelled
Details
JavaScript Linting / lint (push) Has been cancelled
Details
JavaScript Testing / test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Emelia Smith 2025-05-28 14:09:32 +02:00 committed by GitHub
parent 6ffa262546
commit a73ade526a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/api/base_controller.rb
View File

@ -50,6 +50,10 @@ class Api::BaseController < ApplicationController
nil
end
def require_client_credentials!
render json: { error: 'This method requires an client credentials authentication' }, status: 403 if doorkeeper_token.resource_owner_id.present?
end
def require_authenticated_user!
render json: { error: 'This method requires an authenticated user' }, status: 401 unless current_user
end

1
app/controllers/api/v1/accounts_controller.rb
View File

@ -10,6 +10,7 @@ class Api::V1::AccountsController < Api::BaseController
before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:create]
before_action :require_user!, except: [:index, :show, :create]
before_action :require_client_credentials!, only: [:create]
before_action :set_account, except: [:index, :create]
before_action :set_accounts, only: [:index]
before_action :check_account_approval, except: [:index, :create]

5
spec/fabricators/client_credentials_token_fabricator.rb Normal file
View File

@ -0,0 +1,5 @@
# frozen_string_literal: true
Fabricator :client_credentials_token, from: :accessible_access_token do
resource_owner_id { nil }
end

19
spec/requests/api/v1/accounts_spec.rb
View File

@ -78,10 +78,27 @@ RSpec.describe '/api/v1/accounts' do
end
let(:client_app) { Fabricate(:application) }
let(:token) { Doorkeeper::AccessToken.find_or_create_for(application: client_app, resource_owner: nil, scopes: 'read write', use_refresh_token: false) }
let(:token) { Fabricate(:client_credentials_token, application: client_app, scopes: 'read write') }
let(:agreement) { nil }
let(:date_of_birth) { nil }
context 'when not using client credentials token' do
let(:token) { Fabricate(:accessible_access_token, application: client_app, scopes: 'read write', resource_owner_id: user.id) }
it 'returns http forbidden error' do
subject
expect(response).to have_http_status(403)
expect(response.content_type)
.to start_with('application/json')
expect(response.parsed_body)
.to include(
error: 'This method requires an client credentials authentication'
)
end
end
context 'when age verification is enabled' do
before do
Setting.min_age = 16