Check that the permission is non-zero

author Tom Hughes <tom@compton.nu>

Thu, 1 Jul 2021 15:26:17 +0000 (16:26 +0100)

committer Tom Hughes <tom@compton.nu>

Thu, 1 Jul 2021 15:35:29 +0000 (16:35 +0100)
author Tom Hughes <tom@compton.nu>
Thu, 1 Jul 2021 15:26:17 +0000 (16:26 +0100)
committer Tom Hughes <tom@compton.nu>
Thu, 1 Jul 2021 15:35:29 +0000 (16:35 +0100)
diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb

index babd27c536ffd4eaf4d813e2fce559678a2fbadc..7ab7f68359c52e7498ee6e5b0e15dcdda2dedeb1 100644 (file)
--- a/app/controllers/oauth_controller.rb
+++ b/app/controllers/oauth_controller.rb
@@ -27,7 +27,7 @@ class OauthController < ApplicationController
      any_auth = false
  
      @token.client_application.permissions.each do |pref|
-      if params[pref]
+      if params[pref].to_i.nonzero?
          @token.write_attribute(pref, true)
          any_auth ||= true
        else
diff --git a/test/integration/oauth_test.rb b/test/integration/oauth_test.rb

index 1505cb34ab4fcc06b30d99057fd6a193236d79b8..579941774567b621b156cccf1ff197da99b2f3e9 100644 (file)
--- a/test/integration/oauth_test.rb
+++ b/test/integration/oauth_test.rb
@@ -68,7 +68,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
  
      post "/oauth/authorize",
           :params => { :oauth_token => token.token,
-                      :allow_read_prefs => true, :allow_write_prefs => true }
+                      :allow_read_prefs => "1", :allow_write_prefs => "1" }
      if client.callback_url
        assert_response :redirect
        assert_redirected_to "#{client.callback_url}?oauth_token=#{token.token}"
@@ -151,7 +151,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
  
      post "/oauth/authorize",
           :params => { :oauth_token => token.token, :oauth_callback => callback_url,
-                      :allow_write_api => true, :allow_read_gpx => true }
+                      :allow_write_api => "1", :allow_read_gpx => "1" }
      assert_response :redirect
      assert_redirected_to "#{callback_url}?oauth_token=#{token.token}"
      token.reload
@@ -198,7 +198,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
  
      post "/oauth/authorize",
           :params => { :oauth_token => token.token,
-                      :allow_read_prefs => true, :allow_write_prefs => true }
+                      :allow_read_prefs => "1", :allow_write_prefs => "1" }
      if client.callback_url
        assert_response :redirect
        verifier = parse_verifier(response)
@@ -257,7 +257,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
  
      post "/oauth/authorize",
           :params => { :oauth_token => token.token,
-                      :allow_write_api => true, :allow_read_gpx => true }
+                      :allow_write_api => "1", :allow_read_gpx => "1" }
      assert_response :redirect
      verifier = parse_verifier(response)
      assert_redirected_to "#{callback_url}?oauth_token=#{token.token}&oauth_verifier=#{verifier}"
author	Tom Hughes <tom@compton.nu>
	Thu, 1 Jul 2021 15:26:17 +0000 (16:26 +0100)
committer	Tom Hughes <tom@compton.nu>
	Thu, 1 Jul 2021 15:35:29 +0000 (16:35 +0100)
app/controllers/oauth_controller.rb		patch \| blob \| history
test/integration/oauth_test.rb		patch \| blob \| history