Discourse/discourse
Discourse/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-09-07 12:02:53 +08:00
Code Packages Activity Actions 5

FEATURE: Make auth_redirect param options on user_api_keys

Browse source 
This is a possible solution for https://meta.discourse.org/t/user-api-keys-specification/48536/19
This allows for user-api-key requests to not require a redirect url.
Instead, the encypted payload will just be displayed after creation  ( which can be copied
pasted into an env for a CLI, for example  )

Also: Show instructions when creating user-api-key w/out redirect

This adds a view to show instructions when requesting a user-api-key
without a redirect. It adds a erb template and json format.
Also adds a i18n user_api_key.instructions for server.en.yml
This commit is contained in:
cfitz 2019-01-04 04:46:18 +01:00 committed by Sam
parent d0f38dbb07
commit 19d7545318
5 changed files with 56 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

35
spec/requests/user_api_keys_controller_spec.rb
View file

@ -205,5 +205,40 @@ describe UserApiKeysController do
expect(response.status).to eq(302)
end
it "will just show the payload if no redirect" do
user = Fabricate(:user, trust_level: 0)
sign_in(user)
args.delete(:auth_redirect)
SiteSetting.min_trust_level_for_user_api_key = 0
post "/user-api-key", params: args
expect(response.status).not_to eq(302)
payload = Nokogiri::HTML(response.body).at('code').content
encrypted = Base64.decode64(payload)
key = OpenSSL::PKey::RSA.new(private_key)
parsed = JSON.parse(key.private_decrypt(encrypted))
api_key = UserApiKey.find_by(key: parsed["key"])
expect(api_key.user_id).to eq(user.id)
end
it "will just show the JSON payload if no redirect" do
user = Fabricate(:user, trust_level: 0)
sign_in(user)
args.delete(:auth_redirect)
SiteSetting.min_trust_level_for_user_api_key = 0
post "/user-api-key.json", params: args
expect(response.status).not_to eq(302)
payload = JSON.parse(response.body)["payload"]
encrypted = Base64.decode64(payload)
key = OpenSSL::PKey::RSA.new(private_key)
parsed = JSON.parse(key.private_decrypt(encrypted))
api_key = UserApiKey.find_by(key: parsed["key"])
expect(api_key.user_id).to eq(user.id)
end
end
end