Check that the permission is non-zero

Fixes #3241
openstreetmap · Jul 1, 2021 · e4ce1c5 · e4ce1c5
1 parent 433ec44
commit e4ce1c5
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb
@@ -27,7 +27,7 @@ def user_authorizes_token?
     any_auth = false
 
     @token.client_application.permissions.each do |pref|
-      if params[pref]
+      if params[pref].to_i.nonzero?
         @token.write_attribute(pref, true)
         any_auth ||= true
       else

diff --git a/test/integration/oauth_test.rb b/test/integration/oauth_test.rb
@@ -68,7 +68,7 @@ def oauth10_without_callback(client)
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,
-                      :allow_read_prefs => true, :allow_write_prefs => true }
+                      :allow_read_prefs => "1", :allow_write_prefs => "1" }
     if client.callback_url
       assert_response :redirect
       assert_redirected_to "#{client.callback_url}?oauth_token=#{token.token}"
@@ -151,7 +151,7 @@ def oauth10_with_callback(client, callback_url)
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token, :oauth_callback => callback_url,
-                      :allow_write_api => true, :allow_read_gpx => true }
+                      :allow_write_api => "1", :allow_read_gpx => "1" }
     assert_response :redirect
     assert_redirected_to "#{callback_url}?oauth_token=#{token.token}"
     token.reload
@@ -198,7 +198,7 @@ def oauth10a_without_callback(client)
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,
-                      :allow_read_prefs => true, :allow_write_prefs => true }
+                      :allow_read_prefs => "1", :allow_write_prefs => "1" }
     if client.callback_url
       assert_response :redirect
       verifier = parse_verifier(response)
@@ -257,7 +257,7 @@ def oauth10a_with_callback(client, callback_url)
 
     post "/oauth/authorize",
          :params => { :oauth_token => token.token,
-                      :allow_write_api => true, :allow_read_gpx => true }
+                      :allow_write_api => "1", :allow_read_gpx => "1" }
     assert_response :redirect
     verifier = parse_verifier(response)
     assert_redirected_to "#{callback_url}?oauth_token=#{token.token}&oauth_verifier=#{verifier}"