Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upApplication prefs section #2758
Conversation
muffinista
added some commits
May 1, 2017
| @@ -45,7 +45,7 @@ | ||
| # Optional parameter :confirmation => true (default false) if you want to enforce ownership of | ||
| # a registered application | ||
| # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support | ||
| - # enable_application_owner :confirmation => true | ||
| + enable_application_owner |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
beatrix-bitrot
May 7, 2017
Collaborator
does this have any effects on applications that exist already before these changes are applied?
beatrix-bitrot
May 7, 2017
Collaborator
does this have any effects on applications that exist already before these changes are applied?
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
muffinista
May 7, 2017
Contributor
I don't believe so, and I'm running it in production with no reported issues.
muffinista
May 7, 2017
Contributor
I don't believe so, and I'm running it in production with no reported issues.
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
beatrix-bitrot
May 10, 2017
Collaborator
that was my only concern really. there are some merge conflicts so i'm going to mark this as requesting changes
beatrix-bitrot
May 10, 2017
Collaborator
that was my only concern really. there are some merge conflicts so i'm going to mark this as requesting changes
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
akihikodaki
Jun 19, 2017
Collaborator
I'm not sure even why owner is required. Could you explain the reason?
akihikodaki
Jun 19, 2017
Collaborator
I'm not sure even why owner is required. Could you explain the reason?
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
muffinista
Jun 25, 2017
Contributor
Yes, it sets the application owner to the current user if that data is available. Without that, we can't associate apps with owners.
muffinista
Jun 25, 2017
Contributor
Yes, it sets the application owner to the current user if that data is available. Without that, we can't associate apps with owners.
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
akihikodaki
Jun 26, 2017
Collaborator
I mean I doubt associating apps with owners is necessary. Isn't tracking access tokens with resource owners enough?
akihikodaki
Jun 26, 2017
Collaborator
I mean I doubt associating apps with owners is necessary. Isn't tracking access tokens with resource owners enough?
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
muffinista
Jun 26, 2017
Contributor
Maybe I'm missing something. The whole point of this PR is to associate applications with their creator so they can be managed and displayed in the settings section of that user. While tokens have an associated user, its very difficult to use that link to actually do any management of the app without some brittle hacks.
muffinista
Jun 26, 2017
Contributor
Maybe I'm missing something. The whole point of this PR is to associate applications with their creator so they can be managed and displayed in the settings section of that user. While tokens have an associated user, its very difficult to use that link to actually do any management of the app without some brittle hacks.
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
| @@ -45,7 +45,7 @@ | ||
| # Optional parameter :confirmation => true (default false) if you want to enforce ownership of | ||
| # a registered application | ||
| # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support | ||
| - # enable_application_owner :confirmation => true | ||
| + enable_application_owner |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
beatrix-bitrot
May 10, 2017
Collaborator
that was my only concern really. there are some merge conflicts so i'm going to mark this as requesting changes
beatrix-bitrot
May 10, 2017
Collaborator
that was my only concern really. there are some merge conflicts so i'm going to mark this as requesting changes
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
OK, conflicts should be resolved, thanks! |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
muffinista
May 10, 2017
Contributor
So sorry about that! I'm travelling and made a typo using the github inline editor. CI is passing now.
|
So sorry about that! I'm travelling and made a typo using the github inline editor. CI is passing now. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
beatrix-bitrot
May 11, 2017
Collaborator
No worries. Also sorry to ask but could you add a screenshot or two? I'm trying to take a little more care with my reviews and so I'd either want to run your changes on one of my servers before approving or at least see how it looks in some screenshots.
|
No worries. Also sorry to ask but could you add a screenshot or two? I'm trying to take a little more care with my reviews and so I'd either want to run your changes on one of my servers before approving or at least see how it looks in some screenshots. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
muffinista
May 11, 2017
Contributor
No problem at all. First, the code is running on botsin.space if you want to create an account.
Here's the app list:
Here's the Create New App page:
The app page, with tokens:
|
No problem at all. First, the code is running on botsin.space if you want to create an account. Here's the app list:
Here's the Create New App page:
The app page, with tokens: |
muffinista
added some commits
May 23, 2017
akihikodaki
added
the
enhancement
label
Jun 3, 2017
beatrix-bitrot
requested a review
from
akihikodaki
Jun 18, 2017
akihikodaki
requested changes
Jun 19, 2017
It may be good to have a notice to tell users to keep tokens secret to the application page.
Mastodon has a variety of users and some of them are not familiar with them.
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
nightpool
Jun 19, 2017
Collaborator
Is there a reason the redirect URI is a textarea instead of just an input? the styling looks odd.
|
Is there a reason the redirect URI is a textarea instead of just an input? the styling looks odd. |
akihikodaki
requested changes
Jun 19, 2017
For reuqests of additional tests; pending examples would be sufficient to merge this change, but actual examples will be appreciated.
Thank you for your contribution. This feature is essential.
| + describe 'GET #show' do | ||
| + it 'returns http success' do | ||
| + get :show, params: { id: app.id } | ||
| + expect(response).to have_http_status(:success) |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
akihikodaki
Jun 19, 2017
Collaborator
Spec that it acutally shows the application. (testing assigns(:application) is enough.)
akihikodaki
Jun 19, 2017
Collaborator
Spec that it acutally shows the application. (testing assigns(:application) is enough.)
| + end | ||
| + | ||
| + describe 'POST #create' do | ||
| + describe 'success' do |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
akihikodaki
Jun 19, 2017
Collaborator
- Test if it actually creates an application.
- Use
contextinstead ofdescribe.
akihikodaki
Jun 19, 2017
Collaborator
- Test if it actually creates an application.
- Use
contextinstead ofdescribe.
| + end | ||
| + | ||
| + describe 'PUT #update' do | ||
| + describe 'success' do |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
akihikodaki
Jun 19, 2017
Collaborator
- Test if it actually updates an application.
- Use
contextinstead ofdescribe.
akihikodaki
Jun 19, 2017
Collaborator
- Test if it actually updates an application.
- Use
contextinstead ofdescribe.
| + end | ||
| + end | ||
| + | ||
| + describe 'PUT #update' do |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
| + end | ||
| + | ||
| + it 'should create new token' do | ||
| + expect( user.token_for_app(app) ).to_not eql(token) |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
| + end | ||
| + | ||
| + it 'is nil if user does not own app' do | ||
| + app.owner = nil |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
akihikodaki
Jun 19, 2017
Collaborator
Use update! instead of a combination of an assignment and save!.
akihikodaki
Jun 19, 2017
Collaborator
Use update! instead of a combination of an assignment and save!.
| @@ -45,7 +45,7 @@ | ||
| # Optional parameter :confirmation => true (default false) if you want to enforce ownership of | ||
| # a registered application | ||
| # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support | ||
| - # enable_application_owner :confirmation => true | ||
| + enable_application_owner |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
akihikodaki
Jun 19, 2017
Collaborator
I'm not sure even why owner is required. Could you explain the reason?
akihikodaki
Jun 19, 2017
Collaborator
I'm not sure even why owner is required. Could you explain the reason?
akihikodaki
added
the
security
label
Jun 19, 2017
muffinista
added some commits
Jun 26, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
muffinista
Jun 26, 2017
Contributor
Thanks for the feedback! I think I've addressed most of the concerns raised here. I've updated the specs, added a note about not sharing API keys, and made a few other changes. I didn't change the textarea for the redirect URL for while I agree with @nightpool that the textarea looks a little weird here (especially with the default redirect), it makes it a lot easier to see URLs that are longer. I would be fine with changing it to a normal input though.
|
Thanks for the feedback! I think I've addressed most of the concerns raised here. I've updated the specs, added a note about not sharing API keys, and made a few other changes. I didn't change the textarea for the redirect URL for while I agree with @nightpool that the textarea looks a little weird here (especially with the default redirect), it makes it a lot easier to see URLs that are longer. I would be fine with changing it to a normal input though. |
akihikodaki
requested changes
Jun 27, 2017
I request some minor changes. This change will be ready to merge after they are addressed.
| + end | ||
| + | ||
| + it 'returns 404 if you dont own app' do | ||
| + app.owner = nil |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
| + | ||
| + describe 'GET #index' do | ||
| + let(:other_app) { Fabricate(:application) } | ||
| + before { |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
| + end | ||
| + | ||
| + it 'removes the app' do | ||
| + expect(Doorkeeper::Application.find_by(id: app.id)).to be nil |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
akihikodaki
Jun 27, 2017
Collaborator
This is trivial, but be nil is used here while the other part uses be_nil. Anyway we do not have standard about that as far as I know, so it does not blocking merging.
akihikodaki
Jun 27, 2017
Collaborator
This is trivial, but be nil is used here while the other part uses be_nil. Anyway we do not have standard about that as far as I know, so it does not blocking merging.
muffinista
added some commits
Jun 27, 2017
muffinista
added some commits
Jul 28, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
muffinista
Aug 16, 2017
Contributor
@beatrix-bitrot @akihikodaki pinging to check if/when this might be merged, and if anything else is needed to help with that? thanks!
|
@beatrix-bitrot @akihikodaki pinging to check if/when this might be merged, and if anything else is needed to help with that? thanks! |
beatrix-bitrot
dismissed
their
stale review
Aug 16, 2017
requested changes were addressed
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
@Gargron please merge, request changes, or close this~ |
| +class ReAddOwnerToApplication < ActiveRecord::Migration[5.0] | ||
| + def change | ||
| + add_column :oauth_applications, :owner_id, :integer, null: true | ||
| + add_column :oauth_applications, :owner_type, :string, null: true |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Gargron
Aug 21, 2017
Member
Wait, does this have to be polymorphic? We're never gonna attach the application to anything other than User. If this could be only owner_id with a foreign key ensuring integrity with the users table, that'd be far better.
Gargron
Aug 21, 2017
Member
Wait, does this have to be polymorphic? We're never gonna attach the application to anything other than User. If this could be only owner_id with a foreign key ensuring integrity with the users table, that'd be far better.
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
muffinista
Aug 22, 2017
Contributor
Adding the foreign key is no problem, it should be in the PR now.
I'm reluctant to remove the polymorphic association because it's part of Doorkeeper and the underlying code expects it, and removing it could have some weird side-effects. At the very least, removing owner_type breaks a bunch of specs I wrote which rely on the Application fabricator and while I can probably figure out a way around that issue, it seems like it would introduce a lot of potential fragility.
muffinista
Aug 22, 2017
•
edited
Edited 1 time
-
muffinista
edited Aug 22, 2017 (most recent)
Contributor
edited
-
Aug 22, 2017 (most recent)
Adding the foreign key is no problem, it should be in the PR now.
I'm reluctant to remove the polymorphic association because it's part of Doorkeeper and the underlying code expects it, and removing it could have some weird side-effects. At the very least, removing owner_type breaks a bunch of specs I wrote which rely on the Application fabricator and while I can probably figure out a way around that issue, it seems like it would introduce a lot of potential fragility.
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Gargron
Aug 22, 2017
Member
Alright, that will do for now, since owner_type is essentially redundant.
Gargron
Aug 22, 2017
Member
Alright, that will do for now, since owner_type is essentially redundant.
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Gargron
merged commit 871c0d2
into
tootsuite:master
Aug 22, 2017
added a commit
to lindwurm/mastodon
that referenced
this pull request
Aug 22, 2017
added a commit
to ykzts/mastodon
that referenced
this pull request
Aug 22, 2017
ykzts
referenced this pull request
Aug 22, 2017
Merged
Add Japanese translations for #2758, #4506, #4521, #4600 and #4664 #4665
added a commit
that referenced
this pull request
Aug 23, 2017
added a commit
to lindwurm/mastodon
that referenced
this pull request
Aug 27, 2017
added a commit
to YaQ00/mastodon
that referenced
this pull request
Sep 5, 2017
added a commit
to YaQ00/mastodon
that referenced
this pull request
Sep 5, 2017
added a commit
to Arukas/mastodon
that referenced
this pull request
Sep 8, 2017
added a commit
to Arukas/mastodon
that referenced
this pull request
Sep 8, 2017
muffinista commentedMay 3, 2017
This adds a page to the preferences section to manage credentials for user-created applications.
The goal here is to make it easier for users to manage scripts that require API access. This could be clients, scripts that do some sort of data management, bots, etc. While it's obviously possible to get credentials for a script right now, it's a bit challenging and involved. With this code, you can create an app in the preferences section, and get a token right there. You can also regenerate your token if needed.
These changes also address an issue that exists in the code right now, which is that there is no way to edit the name or website of an app right now.