Require permitted scopes when registering a client (#29718)

Angus McLeod
2024-11-19 21:28:04 +01:00
committed by GitHub
parent 4f11d16deb
commit ec7de0fd68
12 changed files with 259 additions and 44 deletions


@ -2,6 +2,14 @@
class UserApiKeyClient < ActiveRecord::Base
has_many :keys, class_name: "UserApiKey", dependent: :destroy
has_many :scopes,
class_name: "UserApiKeyClientScope",
foreign_key: "user_api_key_client_id",
dependent: :destroy
def allowed_scopes
Set.new(scopes.map(&:name))
end
def self.invalid_auth_redirect?(auth_redirect, client: nil)
return false if client&.auth_redirect == auth_redirect
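Review bot: `allowed_scopes` is added without a comment saying what an empty set means to callers, and for an allow-list that decides which API scopes a client may request, that is the case a maintainer most needs spelled out. The code that compares requested scopes against this set is not in this hunk, so it cannot be confirmed here whether an empty set is treated as "nothing permitted" or as "no restriction". If deny-by-default is the intent, state it on the method, e.g. `# Scope names this client may request; an empty set permits no scopes.` The comment could also note that the set is built from `scopes.map(&:name)`, so names are compared exactly as stored, with no normalisation visible in this hunk.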