From 2e5e386c104e2e3b4d039b6fb4edde1c8943c6a1 Mon Sep 17 00:00:00 2001
From: Dante Soares
Date: Mon, 21 Oct 2024 12:25:29 -0500
Subject: [PATCH 1/3] Fix Doorkeeper scopes for user APIs (#1266)

* Fix Doorkeeper scopes for user APIs
* Read default_scopes directly from the config
---
 app/controllers/api/v1/users_controller.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb
index 174c289f8..7c0244783 100644
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
@@ -261,10 +261,12 @@ def create_external_id
 private
 def get_sso_token(application, user)
+ default_scopes = Doorkeeper.config.default_scopes.to_s
+
 access_token = Doorkeeper::AccessToken.find_or_create_for(
 application: application,
 resource_owner: user.id,
- scopes: '',
+ scopes: default_scopes,
 expires_in: SSO_TOKEN_INITIAL_DURATION,
 use_refresh_token: false,
 )
@@ -278,7 +280,7 @@ def get_sso_token(application, user)
 access_token = Doorkeeper::AccessToken.create_for(
 application: application.id,
 resource_owner: user.id,
- scopes: '',
+ scopes: default_scopes,
 expires_in: SSO_TOKEN_INITIAL_DURATION,
 use_refresh_token: false
 )
From a9dfa5865ae535bfb560d6d159733b5ccac7bcd5 Mon Sep 17 00:00:00 2001
From: Dante Soares
Date: Mon, 21 Oct 2024 13:50:55 -0500
Subject: [PATCH 2/3] Fix user API scopes again (#1267)

---
 app/controllers/api/v1/users_controller.rb | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/app/controllers/api/v1/users_controller.rb b/app/controllers/api/v1/users_controller.rb
index 7c0244783..737210dbb 100644
--- a/app/controllers/api/v1/users_controller.rb
+++ b/app/controllers/api/v1/users_controller.rb
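Review bot: The two `scopes:` arguments in `get_sso_token` now follow `Doorkeeper.config.default_scopes`, a global setting, so what an SSO token may do changes whenever that setting is edited, and nothing in these hunks compares the value with the scopes registered for `application`. The token was previously issued with an empty scope, so this is a privilege increase that deserves a stated reason next to the code, for example `# SSO tokens need the default scopes to pass the user API scope checks` if that is the intent. A dedicated constant beside `SSO_TOKEN_INITIAL_DURATION` listing exactly the scopes this flow needs would keep the token least-privilege. This applies to both the `find_or_create_for` hunk and the `create_for` hunk; the method body continues outside them.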
@@ -261,12 +261,10 @@ def create_external_id
 private
 def get_sso_token(application, user)
- default_scopes = Doorkeeper.config.default_scopes.to_s
-
 access_token = Doorkeeper::AccessToken.find_or_create_for(
 application: application,
 resource_owner: user.id,
- scopes: default_scopes,
+ scopes: Doorkeeper.config.default_scopes,
 expires_in: SSO_TOKEN_INITIAL_DURATION,
 use_refresh_token: false,
 )
@@ -280,7 +278,7 @@ def get_sso_token(application, user)
 access_token = Doorkeeper::AccessToken.create_for(
 application: application.id,
 resource_owner: user.id,
- scopes: default_scopes,
+ scopes: Doorkeeper.config.default_scopes,
 expires_in: SSO_TOKEN_INITIAL_DURATION,
 use_refresh_token: false
 )
From 11f8ddd03b98c056d8cc539dcae37b182d3a3268 Mon Sep 17 00:00:00 2001
From: Dante Soares
Date: Mon, 21 Oct 2024 18:13:38 -0500
Subject: [PATCH 3/3] Fix error when calling the users API with no parameters (#1268)

---
 Gemfile | 2 +-
 Gemfile.lock | 2 +-
 app/routines/search_users.rb | 2 +-
 spec/controllers/api/v1/users_controller_spec.rb | 6 ++++++
 4 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/Gemfile b/Gemfile
index 94ac8c47d..79c7a5fcb 100644
--- a/Gemfile
+++ b/Gemfile
@@ -123,7 +123,7 @@ gem 'delayed_job_heartbeat_plugin'
 gem 'representable'
 # Keyword search
-gem 'keyword_search', '~> 1.5.0'
+gem 'keyword_search'
 # ToS/PP management
 gem 'fine_print', github: 'lml/fine_print', ref: '636023f68e95196dffaf295bfad3ad8051c23542'
diff --git a/Gemfile.lock b/Gemfile.lock
index 9dd659a56..09e80a2df 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -863,7 +863,7 @@ DEPENDENCIES jobba jquery-rails json-jwt - keyword_search (~> 1.5.0) + keyword_search knockoutjs-rails launchy lev!
diff --git a/app/routines/search_users.rb b/app/routines/search_users.rb
index cb685ff83..49061c24c 100644
--- a/app/routines/search_users.rb
+++ b/app/routines/search_users.rb
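Review bot: No spec accompanies this second correction of the same two `scopes:` arguments in `get_sso_token`, so a further regression would again only surface at runtime. A controller spec that obtains an SSO token and asserts on its scopes, e.g. `expect(token.scopes.to_s).to eq(Doorkeeper.config.default_scopes.to_s)`, would pin both the value and the type that is passed. The expression `Doorkeeper.config.default_scopes` is also repeated in both hunks; a private `sso_token_scopes` method returning it would give the choice one place and one comment. The method body continues outside both hunks.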
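Review bot: Removing the `'~> 1.5.0'` constraint from `gem 'keyword_search'` leaves the dependency unbounded, so a later `bundle update` can move to any future release, including a new major version. The Gemfile.lock part of this patch changes only the DEPENDENCIES entry (its diffstat shows a single changed line), so the resolved version appears unchanged and the relaxation does not look required by the nil-query fix. Keeping a pessimistic bound, e.g. `gem 'keyword_search', '~> 1.5'`, or stating in the commit message why the pin had to go would keep dependency updates deliberate.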
@@ -47,7 +47,7 @@ def exec(query, options={})
 ]
 )
- KeywordSearch.search(query) do |with|
+ KeywordSearch.search(query || '') do |with|
 with.default_keyword :any
diff --git a/spec/controllers/api/v1/users_controller_spec.rb b/spec/controllers/api/v1/users_controller_spec.rb
index af95dfdf8..75880e7cb 100644
--- a/spec/controllers/api/v1/users_controller_spec.rb
+++ b/spec/controllers/api/v1/users_controller_spec.rb
@@ -58,6 +58,12 @@
 let(:is_not_gdpr_location) { nil }
 context "index" do
+ it "does not explode when called without params" do
+ api_get :index, trusted_application_token
+ expect(response.code).to eq('200')
+ expect(response.body_as_hash).to match({ total_count: User.count, items: [] })
+ end
+
 it "returns a single result well" do
 api_get :index, trusted_application_token, params: { q: 'first_name:bob last_name:Michaels' }
 expect(response.code).to eq('200')
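Review bot: `query || ''` in `exec` guards only against `nil`; a `q` parameter that arrives as an array or hash (Rails builds those from `q[]=` and `q[k]=`) would still be handed to `KeywordSearch.search` unchanged, and whether that raises is not visible here. If the routine receives the raw request parameter, rejecting non-string values before the search, or at minimum `KeywordSearch.search(query.to_s) do |with|`, would cover the same class of error. The body of `exec` starts and ends outside this hunk.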
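Review bot: The new example pins `total_count: User.count` together with `items: []`, so an empty query is specified to count every user while listing none; a one-line comment above the expectation saying why the list is empty would stop a reader from taking it for a bug. The example covers only a missing `q`; a companion case with `params: { q: '' }` would show that the explicit empty string follows the same path. The title would also read better as the contract, e.g. `it "returns an empty item list when called without params" do`.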