FEATURE: allow user api key revocation for read only keys

Sam
2016-09-02 16:57:41 +10:00
parent df8d24734a
commit be0fd5b4cc
4 changed files with 48 additions and 3 deletions


@ -94,6 +94,27 @@ TXT
end
it "will not allow readonly api keys to revoke others" do
key1 = Fabricate(:readonly_user_api_key)
key2 = Fabricate(:readonly_user_api_key)
request.env['HTTP_USER_API_KEY'] = key1.key
post :revoke, id: key2.id
expect(response.status).to eq(403)
end
it "will allow readonly api keys to revoke self" do
key = Fabricate(:readonly_user_api_key)
request.env['HTTP_USER_API_KEY'] = key.key
post :revoke, id: key.id
expect(response.status).to eq(200)
key.reload
expect(key.revoked_at).not_to eq(nil)
end
it "will not return p access if not yet configured" do
SiteSetting.min_trust_level_for_user_api_key = 0
SiteSetting.allowed_user_api_auth_redirects = args[:auth_redirect]