IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-16 18:24:52 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: Prevent duplicates in API scope allowed URLs

Browse Source 
It's possible in Rails to map a single route to multiple controller
actions with different constraints. We do this in at least 1 place in
our application for the root route (/) to make it possible to change the
page that root route displays.

This means that if you get the list of routes of your application,
you'll get the same route for each time the route is defined. And if
there's an API scope for 2 (or more) controller actions that map to the
same route, the route will be listed twice in the Allowed URLs list of
the scope.

To prevent this, this PR adds the allowed URLs in a set so that
duplicate routes are automatically removed.
This commit is contained in:
OsamaSayegh 2022-04-06 23:16:06 +03:00 committed by Osama Sayegh
parent 5eaf4b8553
commit 2f7a307237
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/models/api_key_scope.rb
View File

@ -103,7 +103,7 @@ class ApiKeyScope < ActiveRecord::Base
end
def find_urls(actions:, methods:)
urls = []
urls = Set.new
if actions.present?
route_sets = [Rails.application.routes]
@ -140,7 +140,7 @@ class ApiKeyScope < ActiveRecord::Base
end
end
urls
urls.to_a
end
end