Allow registration of OAuth 1.0 applications to be disabled

tomhughes · Jan 31, 2024 · 31659be · 31659be
1 parent 3ab9da6
commit 31659be
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 1 deletion.
diff --git a/app/controllers/oauth_clients_controller.rb b/app/controllers/oauth_clients_controller.rb
@@ -19,7 +19,12 @@ def show
   end
 
   def new
-    @client_application = ClientApplication.new
+    if Settings.oauth_10_registration
+      @client_application = ClientApplication.new
+    else
+      flash[:error] = t ".disabled"
+      redirect_to :action => "index"
+    end
   end
 
   def edit

diff --git a/app/views/oauth_clients/index.html.erb b/app/views/oauth_clients/index.html.erb
@@ -42,4 +42,6 @@
   <% end %>
 </ul>
 <% end %>
+<% if Settings.oauth_10_registration -%>
 <%= link_to t(".register_new"), { :action => :new }, :class => "btn btn-outline-primary" %>
+<% end -%>
diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -2602,6 +2602,7 @@ en:
   oauth_clients:
     new:
       title: "Register a new application"
+      disabled: "Registration of OAuth 1 applications has been disabled"
     edit:
       title: "Edit your application"
     show:

diff --git a/config/settings.yml b/config/settings.yml
@@ -97,6 +97,7 @@ attachments_dir: ":rails_root/public/attachments"
 basic_auth_support: true
 # Enable legacy OAuth 1.0 support
 oauth_10_support: true
+oauth_10_registration: true
 # URL of Nominatim instance to use for geocoding
 nominatim_url: "https://nominatim.openstreetmap.org/"
 # Default editor

diff --git a/test/controllers/oauth_clients_controller_test.rb b/test/controllers/oauth_clients_controller_test.rb
@@ -74,6 +74,22 @@ def test_new
     end
   end
 
+  def test_new_disabled
+    user = create(:user)
+
+    with_settings(:oauth_10_registration => false) do
+      get new_oauth_client_path(:display_name => user.display_name)
+      assert_response :redirect
+      assert_redirected_to login_path(:referer => new_oauth_client_path(:display_name => user.display_name))
+
+      session_for(user)
+
+      get new_oauth_client_path(:display_name => user.display_name)
+      assert_response :redirect
+      assert_redirected_to oauth_clients_path(:display_name => user.display_name)
+    end
+  end
+
   def test_create
     user = create(:user)
 

diff --git a/test/test_helper.rb b/test/test_helper.rb
@@ -374,6 +374,16 @@ def add_tags_to_xml_node(el, tags)
       end
     end
 
+    def with_settings(settings)
+      saved_settings = Settings.to_hash.slice(*settings.keys)
+
+      Settings.merge!(settings)
+
+      yield
+    ensure
+      Settings.merge!(saved_settings)
+    end
+
     def with_user_account_deletion_delay(value)
       freeze_time
       default_value = Settings.user_account_deletion_delay