From 049b159beb672ca50b239a2275f78870ee7787da Mon Sep 17 00:00:00 2001
From: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
Date: Tue, 23 Apr 2024 13:47:00 +0200
Subject: [PATCH] Add read:me OAuth 2.0 scope, allowing more limited access to
 user data (#29087)

---
 .../api/v1/accounts/credentials_controller.rb      |  2 +-
 config/initializers/doorkeeper.rb                  |  1 +
 config/locales/doorkeeper.en.yml                   |  1 +
 spec/requests/api/v1/accounts/credentials_spec.rb  | 14 ++++++++++++++
 4 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api/v1/accounts/credentials_controller.rb b/app/controllers/api/v1/accounts/credentials_controller.rb
index 8f31336b9f..e8f712457e 100644
--- a/app/controllers/api/v1/accounts/credentials_controller.rb
+++ b/app/controllers/api/v1/accounts/credentials_controller.rb
@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 class Api::V1::Accounts::CredentialsController < Api::BaseController
-  before_action -> { doorkeeper_authorize! :read, :'read:accounts' }, except: [:update]
+  before_action -> { doorkeeper_authorize! :read, :'read:accounts', :'read:me' }, except: [:update]
   before_action -> { doorkeeper_authorize! :write, :'write:accounts' }, only: [:update]
   before_action :require_user!
 
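Review bot: The new `read:me` scope is accepted through the `except: [:update]` filter, so every action other than `update` that this controller has or later gains will honor the narrow scope by default. For a scope advertised as limited access, an allow-list is the safer shape: `before_action -> { doorkeeper_authorize! :read, :'read:accounts', :'read:me' }, only: [:show]`. That assumes `show` is the only read action, since the class body continues outside the hunk. It is also worth confirming that the serializer behind that action returns only what the consent text calls basic information, because the payload is not visible here and a `read:me` token receives whatever it serializes.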
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 428e473913..1e8f9ad506 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -89,6 +89,7 @@ Doorkeeper.configure do
                   :'write:reports',
                   :'write:statuses',
                   :read,
+                  :'read:me',
                   :'read:accounts',
                   :'read:blocks',
                   :'read:bookmarks',
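Review bot: `:'read:me'` is inserted ahead of `:'read:accounts'`, while the visible neighbours and the locale file in this same patch keep the `read:*` scopes in alphabetical order. Moving it to its alphabetical position (presumably next to the lists and mutes entries, which are outside this hunk) would keep the two lists easy to compare during a scope audit. A short comment would also help, for example `# read:me is accepted only by Api::V1::Accounts::CredentialsController (non-update actions)`, so a reader of the scope list can tell how little this scope is meant to unlock.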
diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index 0432a5e3fb..98776f2193 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -174,6 +174,7 @@ en:
       read:filters: see your filters
       read:follows: see your follows
       read:lists: see your lists
+      read:me: read only your account's basic information
       read:mutes: see your mutes
       read:notifications: see your notifications
       read:reports: see your reports
diff --git a/spec/requests/api/v1/accounts/credentials_spec.rb b/spec/requests/api/v1/accounts/credentials_spec.rb
index 737348c2dd..8ae9c78a0e 100644
--- a/spec/requests/api/v1/accounts/credentials_spec.rb
+++ b/spec/requests/api/v1/accounts/credentials_spec.rb
@@ -28,6 +28,20 @@ RSpec.describe 'credentials API' do
         locked: true,
       })
     end
+
+    describe 'allows the read:me scope' do
+      let(:scopes) { 'read:me' }
+
+      it 'returns the response successfully' do
+        subject
+
+        expect(response).to have_http_status(200)
+
+        expect(body_as_json).to include({
+          locked: true,
+        })
+      end
+    end
   end
 
   describe 'PATCH /api/v1/accounts/update_credentials' do
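Review bot: The added example covers only the accept path for `read:me`, so nothing pins the boundary of the new scope. A token carrying just `read:me` should be refused by `PATCH /api/v1/accounts/update_credentials`, which the controller guards with `:write, :'write:accounts'`, and a regression there would go unnoticed. A negative example in the PATCH group, sketched below, would lock that in. It assumes that group defines `subject` and `scopes` the same way the GET group does, which is outside this hunk. The GET assertion could also check more than `locked: true`, so that the set of fields exposed to a `read:me` token is explicit.

```ruby
  describe 'PATCH /api/v1/accounts/update_credentials' do
    # … unchanged: existing setup and examples for the update endpoint …

    context 'with only the read:me scope' do
      let(:scopes) { 'read:me' }

      it 'rejects the request' do
        subject

        expect(response).to have_http_status(403)
      end
    end
```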
-- 
GitLab