hackatime/app/controllers/doorkeeper
End 5f5eb93aed
Allow rotating OAuth applications' secrets (#933)
* feat(oauth): add rotate_secret action for oauth applications

Add POST routes and controller actions for both owner-facing and admin
OAuth application secret rotation using Doorkeeper's renew_secret.

* feat(oauth): add rotate secret button and flash display to views

Add Rotate Secret button with confirmation dialog to both owner and
admin show pages. Display rotated secret via flash with copy button.

* fix(oauth): restrict admin secret rotation to superadmins only

Add explicit superadmin authorization check in rotate_secret action.
The route constraint already limits access, but this adds defense in
depth at the controller level to prevent privilege escalation.

* fix(oauth): address PR review feedback for secret rotation

- Remove duplicate stale lines in admin controller
- Fix indentation in admin controller, both show views
- Add superadmin guard to admin rotate_secret action
- Use I18n for flash messages in doorkeeper controller
- Add respond_to HTML/JSON branches matching existing patterns
- Fix double space in before_action array

* let's clean up a bit?

* pt 2.

* Make it actually work :P

---------

Co-authored-by: Mahad Kalam <mahadkalam1234@gmail.com>
Co-authored-by: Mahad Kalam <55807755+skyfallwastaken@users.noreply.github.com>
2026-02-15 13:28:39 +00:00
applications_controller.rb Allow rotating OAuth applications' secrets (#933) 2026-02-15 13:28:39 +00:00