Add client_secret_expires_at to OAuth Applications (mastodon#30317)

kmycode · Nov 12, 2024 · 2bd56f7 · 2bd56f7
1 parent ace4268
commit 2bd56f7
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/app/serializers/rest/credential_application_serializer.rb b/app/serializers/rest/credential_application_serializer.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class REST::CredentialApplicationSerializer < REST::ApplicationSerializer
-  attributes :client_id, :client_secret
+  attributes :client_id, :client_secret, :client_secret_expires_at
 
   def client_id
     object.uid
@@ -10,4 +10,10 @@ def client_id
   def client_secret
     object.secret
   end
+
+  # Added for future forwards compatibility when we may decide to expire OAuth
+  # Applications. Set to zero means that the client_secret never expires.
+  def client_secret_expires_at
+    0
+  end
 end
diff --git a/spec/requests/api/v1/apps/credentials_spec.rb b/spec/requests/api/v1/apps/credentials_spec.rb
@@ -44,6 +44,7 @@
         expect(response.parsed_body)
           .to not_include(client_id: be_present)
           .and not_include(client_secret: be_present)
+          .and not_include(client_secret_expires_at: be_present)
       end
     end
 

diff --git a/spec/requests/api/v1/apps_spec.rb b/spec/requests/api/v1/apps_spec.rb
@@ -42,6 +42,7 @@
             id: app.id.to_s,
             client_id: app.uid,
             client_secret: app.secret,
+            client_secret_expires_at: 0,
             name: client_name,
             website: website,
             scopes: ['read', 'write'],