gitea/nas
1
0
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Assert usage of client credentials for account registration (#34828)

Browse source
This commit is contained in:
Emelia Smith 2025-05-28 14:09:32 +02:00 committed by GitHub
parent 6ffa262546
commit a73ade526a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 28 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

19
spec/requests/api/v1/accounts_spec.rb
View file

@ -78,10 +78,27 @@ RSpec.describe '/api/v1/accounts' do
end
let(:client_app) { Fabricate(:application) }
let(:token) { Doorkeeper::AccessToken.find_or_create_for(application: client_app, resource_owner: nil, scopes: 'read write', use_refresh_token: false) }
let(:token) { Fabricate(:client_credentials_token, application: client_app, scopes: 'read write') }
let(:agreement) { nil }
let(:date_of_birth) { nil }
context 'when not using client credentials token' do
let(:token) { Fabricate(:accessible_access_token, application: client_app, scopes: 'read write', resource_owner_id: user.id) }
it 'returns http forbidden error' do
subject
expect(response).to have_http_status(403)
expect(response.content_type)
.to start_with('application/json')
expect(response.parsed_body)
.to include(
error: 'This method requires an client credentials authentication'
)
end
end
context 'when age verification is enabled' do
before do
Setting.min_age = 16