expose device token in /devices/:id endpoint to device owner and admins
timcowlishaw committed Dec 20, 2023
1 parent 76d30ba commit 32dcf80
Showing 2 changed files with 33 additions and 1 deletion.
2 changes: 2 additions & 0 deletions app/views/v0/devices/_device.jbuilder
@@ -22,8 +22,10 @@ json.(

if current_user and (current_user.is_admin? or (device.owner_id and current_user.id == device.owner_id))
json.merge! mac_address: device.mac_address
json.merge! device_token: device.device_token
else
json.merge! mac_address: '[FILTERED]'
json.merge! device_token: '[FILTERED]'
end

if with_owner && device.owner
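Review bot: The `device_token` line is added to the shared `_device` partial, so the real token is serialized for an owner or admin wherever this partial renders. That appears to include the device list (the spec in this commit adds `device_token` to the keys of `json[0]`), not only `/devices/:id` as the title says. A device token is a credential, so an admin listing devices would receive every token in one response, and any caching or logging of those responses would then hold credentials. Consider emitting the real value only when the show view asks for it through a new partial local (named here `with_device_token`), e.g. `json.merge! device_token: (local_assigns[:with_device_token] ? device.device_token : '[FILTERED]')` inside the owner/admin branch. A comment above the `if` such as `# device_token is a credential: owner or admin only, everyone else gets '[FILTERED]'` would record the intent.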
32 changes: 31 additions & 1 deletion spec/requests/v0/devices_spec.rb
@@ -25,7 +25,7 @@
# expect(json[0]['name']).to eq(first.name)
# expect(json[1]['name']).to eq(second.name)
expect(json[0].keys).to eq(%w(id uuid name description state postprocessing
hardware_info system_tags user_tags is_private notify_low_battery notify_stopped_publishing last_reading_at added_at updated_at mac_address owner data kit))
hardware_info system_tags user_tags is_private notify_low_battery notify_stopped_publishing last_reading_at added_at updated_at mac_address device_token owner data kit))
end

describe "when not logged in" do
@@ -257,6 +257,36 @@

end

describe "device_token" do

before do
device.device_token = "secret_token"
device.save!
end

it "filters device token from guests" do
j = api_get "devices/#{device.id}"
expect(j['device_token']).to eq('[FILTERED]')
end

it "filters device token from users" do
j = api_get "devices/#{device.id}?access_token=#{token.token}"
expect(j['device_token']).to eq('[FILTERED]')
end

it "exposes device token to device owner" do
device = create(:device, owner: user, device_token: "secret_token_2")
j = api_get "devices/#{device.id}?access_token=#{token.token}"
expect(j['device_token']).to eq(device.device_token)
end

it "exposes device token to admin" do
j = api_get "devices/#{device.id}?access_token=#{admin_token.token}"
expect(j['device_token']).to eq(device.device_token)
end

end

end

describe "PUT /devices/:id" do
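Review bot: The new `describe "device_token"` examples only request `devices/#{device.id}`, while the list assertion in the first hunk checks that the `device_token` key is present and never checks its value. Since the view change appears to affect list responses as well, add a value check next to that keys assertion for a request made without an access token, e.g. `expect(json.map { |d| d['device_token'] }.uniq).to eq(['[FILTERED]'])`. The owner and admin examples would also be stricter if they compared against the literals `"secret_token_2"` and `"secret_token"` rather than `device.device_token`, so a transformed or empty attribute cannot make both sides match. The enclosing `describe` blocks start outside these hunks.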
