Refactor to remove client_id from ApplicationSerializer since this wa…

…s never released
ThisIsMissEm · May 16, 2024 · 300a1eb · 300a1eb
1 parent 1b04819
commit 300a1eb
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 20 deletions.
diff --git a/app/serializers/rest/application_serializer.rb b/app/serializers/rest/application_serializer.rb
@@ -1,8 +1,7 @@
 # frozen_string_literal: true
 
 class REST::ApplicationSerializer < ActiveModel::Serializer
-  attributes :id, :name, :website, :scopes, :redirect_uris,
-             :client_id
+  attributes :id, :name, :website, :scopes, :redirect_uris
 
   # NOTE: Deprecated in 4.3.0, needs to be removed in 5.0.0
   attribute :vapid_key
@@ -14,10 +13,6 @@ def id
     object.id.to_s
   end
 
-  def client_id
-    object.uid
-  end
-
   def website
     object.website.presence
   end

diff --git a/app/serializers/rest/credential_application_serializer.rb b/app/serializers/rest/credential_application_serializer.rb
@@ -1,7 +1,11 @@
 # frozen_string_literal: true
 
 class REST::CredentialApplicationSerializer < REST::ApplicationSerializer
-  attributes :client_secret
+  attributes :client_id, :client_secret
+
+  def client_id
+    object.uid
+  end
 
   def client_secret
     object.secret

diff --git a/spec/requests/api/v1/apps/credentials_spec.rb b/spec/requests/api/v1/apps/credentials_spec.rb
@@ -21,7 +21,6 @@
         expect(body_as_json).to match(
           a_hash_including(
             id: token.application.id.to_s,
-            client_id: token.application.uid,
             name: token.application.name,
             website: token.application.website,
             scopes: token.application.scopes.map(&:to_s),
@@ -33,11 +32,12 @@
         )
       end
 
-      it 'does not expose the client_secret' do
+      it 'does not expose the client_id or client_secret' do
         subject
 
         expect(response).to have_http_status(200)
 
+        expect(body_as_json[:client_id]).to_not be_present
         expect(body_as_json[:client_secret]).to_not be_present
       end
     end
@@ -59,7 +59,6 @@
         expect(body_as_json).to match(
           a_hash_including(
             id: token.application.id.to_s,
-            client_id: token.application.uid,
             name: token.application.name,
             website: token.application.website,
             scopes: token.application.scopes.map(&:to_s),

diff --git a/spec/requests/api/v1/apps_spec.rb b/spec/requests/api/v1/apps_spec.rb
@@ -10,7 +10,8 @@
 
     let(:client_name)   { 'Test app' }
     let(:scopes)        { 'read write' }
-    let(:redirect_uris) { 'urn:ietf:wg:oauth:2.0:oob' }
+    let(:redirect_uri)  { 'urn:ietf:wg:oauth:2.0:oob' }
+    let(:redirect_uris) { [redirect_uri] }
     let(:website)       { nil }
 
     let(:params) do
@@ -31,16 +32,23 @@
         app = Doorkeeper::Application.find_by(name: client_name)
 
         expect(app).to be_present
-        expect(app.scopes.to_s).to eq 'read write'
-        expect(app.redirect_uris).to eq [redirect_uris]
-
-        body = body_as_json
+        expect(app.scopes.to_s).to eq scopes
+        expect(app.redirect_uris).to eq redirect_uris
 
-        expect(body[:id]).to eq app.id.to_s
-        expect(body[:client_id]).to be_present
-        expect(body[:client_secret]).to be_present
-        expect(body[:scopes]).to eq ['read', 'write']
-        expect(body[:redirect_uris]).to eq [redirect_uris]
+        expect(body_as_json).to match(
+          a_hash_including(
+            id: app.id.to_s,
+            client_id: app.uid,
+            client_secret: app.secret,
+            name: client_name,
+            website: website,
+            scopes: ['read', 'write'],
+            redirect_uris: redirect_uris,
+            # Deprecated properties as of 4.3:
+            redirect_uri: redirect_uri,
+            vapid_key: Rails.configuration.x.vapid_public_key
+          )
+        )
       end
     end