Allow registration of OAuth 1.0 applications to be disabled

diff --git a/app/controllers/oauth_clients_controller.rb b/app/controllers/oauth_clients_controller.rb
index 44dacde6d72a4ce3a19eb7732eedea58d7c13f7d..42b0921f1f62eedfa6c162cc6b0de5ea613e13fd 100644 (file)
--- a/app/controllers/oauth_clients_controller.rb
+++ b/app/controllers/oauth_clients_controller.rb
@@ -19,7 +19,12 @@ class OauthClientsController < ApplicationController
   end
 
   def new
-    @client_application = ClientApplication.new
+    if Settings.oauth_10_registration
+      @client_application = ClientApplication.new
+    else
+      flash[:error] = t ".disabled"
+      redirect_to :action => "index"
+    end
   end
 
   def edit

diff --git a/app/views/oauth_clients/index.html.erb b/app/views/oauth_clients/index.html.erb
index a08b3c0ffb4e3a5749cdb6e16218ec21a183ac16..b4c2558cfebe816f88d0c8aa592d9adb107049a3 100644 (file)
--- a/app/views/oauth_clients/index.html.erb
+++ b/app/views/oauth_clients/index.html.erb
@@ -42,4 +42,6 @@
   <% end %>
 </ul>
 <% end %>
+<% if Settings.oauth_10_registration -%>
 <%= link_to t(".register_new"), { :action => :new }, :class => "btn btn-outline-primary" %>
+<% end -%>

diff --git a/config/locales/en.yml b/config/locales/en.yml
index aae35a788f7b5ced64518f2dd9bf96bf68a1441a..6a3c880c4481b35d531b49e3e5c799651f1d8466 100644 (file)
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -2602,6 +2602,7 @@ en:
   oauth_clients:
     new:
       title: "Register a new application"
+      disabled: "Registration of OAuth 1 applications has been disabled"
     edit:
       title: "Edit your application"
     show:

diff --git a/config/settings.yml b/config/settings.yml
index 1c9c7e0a1123481543d2f2950b733fee71f5aeac..6eab4807ea6daf9ec852d101e123829cc52b4a1b 100644 (file)
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -97,6 +97,7 @@ attachments_dir: ":rails_root/public/attachments"
 basic_auth_support: true
 # Enable legacy OAuth 1.0 support
 oauth_10_support: true
+oauth_10_registration: true
 # URL of Nominatim instance to use for geocoding
 nominatim_url: "https://nominatim.openstreetmap.org/"
 # Default editor

diff --git a/test/controllers/oauth_clients_controller_test.rb b/test/controllers/oauth_clients_controller_test.rb
index fb651ff3c8f5b6ffd68c3ef86dfbc74658ee2085..f106b4af6f1eff6de8d674f5f535c9f7ae857eff 100644 (file)
--- a/test/controllers/oauth_clients_controller_test.rb
+++ b/test/controllers/oauth_clients_controller_test.rb
@@ -74,6 +74,22 @@ class OauthClientsControllerTest < ActionDispatch::IntegrationTest
     end
   end
 
+  def test_new_disabled
+    user = create(:user)
+
+    with_settings(:oauth_10_registration => false) do
+      get new_oauth_client_path(:display_name => user.display_name)
+      assert_response :redirect
+      assert_redirected_to login_path(:referer => new_oauth_client_path(:display_name => user.display_name))
+
+      session_for(user)
+
+      get new_oauth_client_path(:display_name => user.display_name)
+      assert_response :redirect
+      assert_redirected_to oauth_clients_path(:display_name => user.display_name)
+    end
+  end
+
   def test_create
     user = create(:user)
 

diff --git a/test/test_helper.rb b/test/test_helper.rb
index 222e65764d68c25032c88644778564695380403e..5bf8a5239ecfe2c6625eb969b98c625cf5a81484 100644 (file)
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -374,6 +374,16 @@ module ActiveSupport
       end
     end
 
+    def with_settings(settings)
+      saved_settings = Settings.to_hash.slice(*settings.keys)
+
+      Settings.merge!(settings)
+
+      yield
+    ensure
+      Settings.merge!(saved_settings)
+    end
+
     def with_user_account_deletion_delay(value)
       freeze_time
       default_value = Settings.user_account_deletion_delay