Change `POST /settings/applications/:id` to regenerate token on scopes change (#23359)

Fixes #23096
1 year ago · 20a479ff7c
parent 6a5e447753
commit 20a479ff7c
2 changed files with 8 additions and 2 deletions
--- a/app/controllers/settings/applications_controller.rb
+++ b/app/controllers/settings/applications_controller.rb
@ -29,7 +29,13 @@ class Settings::ApplicationsController < Settings::BaseController

  def update
    if @application.update(application_params)
-      redirect_to settings_applications_path, notice: I18n.t('generic.changes_saved_msg')
+      if @application.scopes_previously_changed?
+        @access_token = current_user.token_for_app(@application)
+        @access_token.destroy
+        redirect_to settings_application_path(@application), notice: I18n.t('applications.token_regenerated')
+      else
+        redirect_to settings_application_path(@application), notice: I18n.t('generic.changes_saved_msg')
+      end
    else
      render :show
    end
--- a/spec/controllers/settings/applications_controller_spec.rb
+++ b/spec/controllers/settings/applications_controller_spec.rb
@ -132,7 +132,7 @@ describe Settings::ApplicationsController do
      end

      it 'redirects back to applications page' do
-        expect(call_update).to redirect_to(settings_applications_path)
+        expect(call_update).to redirect_to(settings_application_path(app))
      end
    end