From 0cc231f61c095542259171e624afced02dc0840a Mon Sep 17 00:00:00 2001 From: Penar Musaraj Date: Thu, 3 Oct 2024 15:44:21 -0400 Subject: [PATCH] DEV: Do not include passkey metadata needlessly (#29074) Only current user should see passkey metadata. --- app/serializers/user_serializer.rb | 2 +- spec/serializers/user_serializer_spec.rb | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/app/serializers/user_serializer.rb b/app/serializers/user_serializer.rb index 6f3855d876d..509d1656af5 100644 --- a/app/serializers/user_serializer.rb +++ b/app/serializers/user_serializer.rb @@ -182,7 +182,7 @@ class UserSerializer < UserCardSerializer end def include_user_passkeys? - SiteSetting.enable_passkeys? + SiteSetting.enable_passkeys? && user_is_current_user end def bio_raw diff --git a/spec/serializers/user_serializer_spec.rb b/spec/serializers/user_serializer_spec.rb index 985bb106b49..0cb07c86757 100644 --- a/spec/serializers/user_serializer_spec.rb +++ b/spec/serializers/user_serializer_spec.rb @@ -471,7 +471,14 @@ RSpec.describe UserSerializer do expect(json[:user_passkeys]).to eq(nil) end - it "includes passkeys if feature is enabled" do + it "does not include them if requesting user isn't current user" do + SiteSetting.enable_passkeys = true + json = UserSerializer.new(user, scope: Guardian.new(), root: false).as_json + + expect(json[:user_passkeys]).to eq(nil) + end + + it "includes passkeys if feature is enabled for current user" do SiteSetting.enable_passkeys = true json = UserSerializer.new(user, scope: Guardian.new(user), root: false).as_json