Merge d8cc3f36e5 into 5cd13ee4f1

app/controllers/api/v1/apps_controller.rb

@@ -24,6 +24,6 @@ class Api::V1::AppsController < Api::BaseController
   end
 
   def app_params
-    params.permit(:client_name, :redirect_uris, :scopes, :website)
+    params.permit(:client_name, :scopes, :website, :redirect_uris, redirect_uris: [])
   end
 end

app/serializers/rest/application_serializer.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class REST::ApplicationSerializer < ActiveModel::Serializer
-  attributes :id, :name, :website, :scopes, :redirect_uri,
+  attributes :id, :name, :website, :scopes, :redirect_uri, :redirect_uris,
              :client_id, :client_secret
 
   # NOTE: Deprecated in 4.3.0, needs to be removed in 5.0.0
@@ -19,6 +19,19 @@ class REST::ApplicationSerializer < ActiveModel::Serializer
     object.secret
   end
 
+  # We should consider this property deprecated for 4.3.0
+  def redirect_uri
+    # Doorkeeper stores the redirect_uri value as a newline delimeted list in
+    # the database, as we may have more than one redirect URI, return the first:
+    object.redirect_uri.split.first
+  end
+
+  def redirect_uris
+    # Doorkeeper stores the redirect_uri value as a newline delimeted list in
+    # the database:
+    object.redirect_uri.split
+  end
+
   def website
     object.website.presence
   end

spec/requests/api/v1/apps_spec.rb

@@ -9,7 +9,7 @@ RSpec.describe 'Apps' do
     end
 
     let(:client_name)   { 'Test app' }
-    let(:scopes)        { nil }
+    let(:scopes)        { 'read write' }
     let(:redirect_uris) { 'urn:ietf:wg:oauth:2.0:oob' }
     let(:website)       { nil }
 
@@ -28,11 +28,49 @@ RSpec.describe 'Apps' do
 
         expect(response).to have_http_status(200)
         expect(Doorkeeper::Application.find_by(name: client_name)).to be_present
+        expect(Doorkeeper::Application.find_by(name: client_name).scopes.to_s).to eq 'read write'
 
         body = body_as_json
 
         expect(body[:client_id]).to be_present
         expect(body[:client_secret]).to be_present
+        expect(body[:scopes]).to eq ['read', 'write']
+        expect(body[:redirect_uris]).to eq [redirect_uris]
+      end
+    end
+
+    context 'without scopes being supplied' do
+      let(:scopes) { nil }
+
+      it 'creates an OAuth App with the default scope' do
+        subject
+
+        expect(response).to have_http_status(200)
+        expect(Doorkeeper::Application.find_by(name: client_name)).to be_present
+
+        body = body_as_json
+
+        expect(body[:scopes]).to eq Doorkeeper.config.default_scopes.to_a
+      end
+    end
+
+    # FIXME: This is a bug: https://github.com/mastodon/mastodon/issues/30152
+    context 'with scopes as an array' do
+      let(:scopes) { %w(read write follow) }
+
+      it 'creates an OAuth App with the default scope' do
+        subject
+
+        expect(response).to have_http_status(200)
+
+        app = Doorkeeper::Application.find_by(name: client_name)
+
+        expect(app).to be_present
+        expect(app.scopes.to_s).to eq 'read'
+
+        body = body_as_json
+
+        expect(body[:scopes]).to eq ['read']
       end
     end
 
@@ -87,8 +125,67 @@ RSpec.describe 'Apps' do
       end
     end
 
-    context 'without required params' do
-      let(:client_name)   { '' }
+    context 'with multiple redirect_uris as a string' do
+      let(:redirect_uris) { "https://redirect1.example/\napp://redirect2.example/" }
+
+      it 'creates an OAuth application with multiple redirect URIs' do
+        subject
+
+        expect(response).to have_http_status(200)
+
+        app = Doorkeeper::Application.find_by(name: client_name)
+
+        expect(app).to be_present
+        expect(app.redirect_uri).to eq redirect_uris
+
+        body = body_as_json
+
+        expect(body[:redirect_uri]).to eq 'https://redirect1.example/'
+        expect(body[:redirect_uris]).to eq redirect_uris.split
+      end
+    end
+
+    context 'with multiple redirect_uris as an array' do
+      let(:redirect_uris) { ['https://redirect1.example/', 'app://redirect2.example/'] }
+
+      it 'creates an OAuth application with multiple redirect URIs' do
+        subject
+
+        expect(response).to have_http_status(200)
+
+        app = Doorkeeper::Application.find_by(name: client_name)
+
+        expect(app).to be_present
+        expect(app.redirect_uri).to eq redirect_uris.join "\n"
+
+        body = body_as_json
+
+        expect(body[:redirect_uri]).to eq 'https://redirect1.example/'
+        expect(body[:redirect_uris]).to eq redirect_uris
+      end
+    end
+
+    context 'with an empty redirect_uris array' do
+      let(:redirect_uris) { [] }
+
+      it 'returns http unprocessable entity' do
+        subject
+
+        expect(response).to have_http_status(422)
+      end
+    end
+
+    context 'with just a newline as the redirect_uris string' do
+      let(:redirect_uris) { "\n" }
+
+      it 'returns http unprocessable entity' do
+        subject
+
+        expect(response).to have_http_status(422)
+      end
+    end
+
+    context 'with an empty redirect_uris string' do
       let(:redirect_uris) { '' }
 
       it 'returns http unprocessable entity' do
@@ -97,5 +194,30 @@ RSpec.describe 'Apps' do
         expect(response).to have_http_status(422)
       end
     end
+
+    context 'without a required param' do
+      let(:client_name) { '' }
+
+      it 'returns http unprocessable entity' do
+        subject
+
+        expect(response).to have_http_status(422)
+      end
+    end
+
+    context 'with a website' do
+      let(:website) { 'https://app.example/' }
+
+      it 'creates an OAuth application with the website specified' do
+        subject
+
+        expect(response).to have_http_status(200)
+
+        app = Doorkeeper::Application.find_by(name: client_name)
+
+        expect(app).to be_present
+        expect(app.website).to eq website
+      end
+    end
   end
 end