Application prefs section#2758
Application prefs section#2758Gargron merged 26 commits intomastodon:masterfrom muffinista:application-prefs-section
Conversation
| # a registered application | ||
| # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support | ||
| # enable_application_owner :confirmation => true | ||
| enable_application_owner |
There was a problem hiding this comment.
does this have any effects on applications that exist already before these changes are applied?
There was a problem hiding this comment.
I don't believe so, and I'm running it in production with no reported issues.
There was a problem hiding this comment.
that was my only concern really. there are some merge conflicts so i'm going to mark this as requesting changes
There was a problem hiding this comment.
I'm not sure even why owner is required. Could you explain the reason?
There was a problem hiding this comment.
Yes, it sets the application owner to the current user if that data is available. Without that, we can't associate apps with owners.
There was a problem hiding this comment.
I mean I doubt associating apps with owners is necessary. Isn't tracking access tokens with resource owners enough?
There was a problem hiding this comment.
Maybe I'm missing something. The whole point of this PR is to associate applications with their creator so they can be managed and displayed in the settings section of that user. While tokens have an associated user, its very difficult to use that link to actually do any management of the app without some brittle hacks.
There was a problem hiding this comment.
I see. It looks good to me to add owner.
| # a registered application | ||
| # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support | ||
| # enable_application_owner :confirmation => true | ||
| enable_application_owner |
There was a problem hiding this comment.
that was my only concern really. there are some merge conflicts so i'm going to mark this as requesting changes
|
OK, conflicts should be resolved, thanks! |
beatrix-bitrot
left a comment
beatrix-bitrot
left a comment
There was a problem hiding this comment.
the CI checks are failing ):
I lost an `end` statement while fixing a merge conflict.
|
So sorry about that! I'm travelling and made a typo using the github inline editor. CI is passing now. |
|
No worries. Also sorry to ask but could you add a screenshot or two? I'm trying to take a little more care with my reviews and so I'd either want to run your changes on one of my servers before approving or at least see how it looks in some screenshots. |
|
No problem at all. First, the code is running on botsin.space if you want to create an account. Here's the app list:
Here's the Create New App page:
The app page, with tokens: |
- Add specs for app changes - Add locale strings. Add 'my apps' to nav - Add Client ID/Secret to App page. Add some visual separation - Fix some bugs/warnings
akihikodaki
left a comment
akihikodaki
left a comment
There was a problem hiding this comment.
It may be good to have a notice to tell users to keep tokens secret to the application page.
Mastodon has a variety of users and some of them are not familiar with them.
|
Is there a reason the redirect URI is a textarea instead of just an input? the styling looks odd. |
akihikodaki
left a comment
akihikodaki
left a comment
There was a problem hiding this comment.
For reuqests of additional tests; pending examples would be sufficient to merge this change, but actual examples will be appreciated.
Thank you for your contribution. This feature is essential.
| describe 'GET #show' do | ||
| it 'returns http success' do | ||
| get :show, params: { id: app.id } | ||
| expect(response).to have_http_status(:success) |
There was a problem hiding this comment.
Spec that it acutally shows the application. (testing assigns(:application) is enough.)
| end | ||
|
|
||
| describe 'POST #create' do | ||
| describe 'success' do |
There was a problem hiding this comment.
- Test if it actually creates an application.
- Use
contextinstead ofdescribe.
| end | ||
|
|
||
| describe 'PUT #update' do | ||
| describe 'success' do |
There was a problem hiding this comment.
- Test if it actually updates an application.
- Use
contextinstead ofdescribe.
| end | ||
| end | ||
|
|
||
| describe 'PUT #update' do |
There was a problem hiding this comment.
It is not PUT but PATCH.
| end | ||
|
|
||
| it 'should create new token' do | ||
| expect( user.token_for_app(app) ).to_not eql(token) |
There was a problem hiding this comment.
Do not add spaces in parentheses.
| end | ||
|
|
||
| it 'is nil if user does not own app' do | ||
| app.owner = nil |
There was a problem hiding this comment.
Use update! instead of a combination of an assignment and save!.
| # a registered application | ||
| # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support | ||
| # enable_application_owner :confirmation => true | ||
| enable_application_owner |
There was a problem hiding this comment.
I'm not sure even why owner is required. Could you explain the reason?
|
Thanks for the feedback! I think I've addressed most of the concerns raised here. I've updated the specs, added a note about not sharing API keys, and made a few other changes. I didn't change the textarea for the redirect URL for while I agree with @nightpool that the textarea looks a little weird here (especially with the default redirect), it makes it a lot easier to see URLs that are longer. I would be fine with changing it to a normal input though. |
akihikodaki
left a comment
akihikodaki
left a comment
There was a problem hiding this comment.
I request some minor changes. This change will be ready to merge after they are addressed.
| end | ||
|
|
||
| it 'returns 404 if you dont own app' do | ||
| app.owner = nil |
There was a problem hiding this comment.
Use update! here, too.
|
|
||
| describe 'GET #index' do | ||
| let(:other_app) { Fabricate(:application) } | ||
| before { |
There was a problem hiding this comment.
I think let! is what you expect, isn't it?
| end | ||
|
|
||
| it 'removes the app' do | ||
| expect(Doorkeeper::Application.find_by(id: app.id)).to be nil |
There was a problem hiding this comment.
This is trivial, but be nil is used here while the other part uses be_nil. Anyway we do not have standard about that as far as I know, so it does not blocking merging.
|
@beatrix-bitrot @akihikodaki pinging to check if/when this might be merged, and if anything else is needed to help with that? thanks! |
|
@Gargron please merge, request changes, or close this~ |
| class ReAddOwnerToApplication < ActiveRecord::Migration[5.0] | ||
| def change | ||
| add_column :oauth_applications, :owner_id, :integer, null: true | ||
| add_column :oauth_applications, :owner_type, :string, null: true |
There was a problem hiding this comment.
Wait, does this have to be polymorphic? We're never gonna attach the application to anything other than User. If this could be only owner_id with a foreign key ensuring integrity with the users table, that'd be far better.
There was a problem hiding this comment.
Adding the foreign key is no problem, it should be in the PR now.
I'm reluctant to remove the polymorphic association because it's part of Doorkeeper and the underlying code expects it, and removing it could have some weird side-effects. At the very least, removing owner_type breaks a bunch of specs I wrote which rely on the Application fabricator and while I can probably figure out a way around that issue, it seems like it would introduce a lot of potential fragility.
There was a problem hiding this comment.
Alright, that will do for now, since owner_type is essentially redundant.
* Add code for creating/managing apps to settings section * Add specs for app changes * Fix controller spec * Fix view file I pasted over by mistake * Add locale strings. Add 'my apps' to nav * Add Client ID/Secret to App page. Add some visual separation * Fix rubocop warnings * Fix embarrassing typo I lost an `end` statement while fixing a merge conflict. * Add code for creating/managing apps to settings section - Add specs for app changes - Add locale strings. Add 'my apps' to nav - Add Client ID/Secret to App page. Add some visual separation - Fix some bugs/warnings * Update to match code standards * Trigger notification * Add warning about not sharing API secrets * Tweak spec a bit * Cleanup fixture creation by using let! * Remove unused key * Add foreign key for application<->user
…4521, mastodon#4600 and mastodon#4664 (mastodon#4665) * Add Japanese translations for mastodon#2758, mastodon#4506, mastodon#4521, mastodon#4600 and mastodon#4664 * Do not translate Inbox URL and Outbox URL * Remove "あなたの" * Remove "あなたの"
…upstream Merge upstream changes up to 2c7eed1
5 participants
This adds a page to the preferences section to manage credentials for user-created applications.
The goal here is to make it easier for users to manage scripts that require API access. This could be clients, scripts that do some sort of data management, bots, etc. While it's obviously possible to get credentials for a script right now, it's a bit challenging and involved. With this code, you can create an app in the preferences section, and get a token right there. You can also regenerate your token if needed.
These changes also address an issue that exists in the code right now, which is that there is no way to edit the name or website of an app right now.