Require permitted scopes when registering a client (#29718)

2025-05-28 13:51:18 +08:00 · 2024-11-19 21:28:04 +01:00
parent 4f11d16deb
commit ec7de0fd68
12 changed files with 259 additions and 44 deletions
--- a/spec/fabricators/user_api_key_fabricator.rb
+++ b/spec/fabricators/user_api_key_fabricator.rb
@ -14,9 +14,19 @@ end

 Fabricator(:user_api_key_scope)

+Fabricator(:user_api_key_client_scope)
+
 Fabricator(:user_api_key_client) do
+  transient :scopes
+
  client_id { SecureRandom.hex }
  application_name "some app"
+
+  after_create do |client, transients|
+    if transients[:scopes].present?
+      [*transients[:scopes]].each { |scope| client.scopes.create!(name: scope) }
+    end
+  end
 end

 Fabricator(:readonly_user_api_key, from: :user_api_key) do