github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-30 07:11:34 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: Require at least one scope for API key granular mode (#31253)

Browse Source 
Currently, if creating an API key in "granular" mode, and not selecting any scopes, a globally scoped API key is created. This can be surprising and is not ideal. Having a key with no scopes isn't useful in the first place, so this PR adds client- and server side validations to check that at least one scope is selected if using "granular" mode.
This commit is contained in:
Ted Johansson
2025-02-10 13:22:08 +08:00
committed by GitHub
parent 7be88bbe8a
commit 3d11e3ca10
7 changed files with 55 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
spec/models/api_key_spec.rb
View File

@ -8,6 +8,15 @@ RSpec.describe ApiKey do
it { is_expected.to belong_to :created_by }
it { is_expected.to validate_length_of(:description).is_at_most(255) }
it "validates at least one scope for granular mode" do
api_key = ApiKey.new
api_key.scope_mode = "granular"
api_key.validate
expect(api_key.errors).to contain_exactly("Api key scopes at least one must be selected")
end
it "generates a key when saving" do
api_key = ApiKey.new
api_key.save!