From ede745495d5eb9df35f6177c2cdfbc6c2a99e341 Mon Sep 17 00:00:00 2001
From: Faruk AYDIN
Date: Wed, 22 Jan 2025 17:37:59 +0100
Subject: [PATCH] fix: Do not create oauth clients for non-supported apps
---
 .../v1/admin/apps/create-oauth-client.ee.js | 6 ++--
 .../admin/apps/create-oauth-client.ee.test.js | 28 +++++++++++++++++++
 packages/backend/src/models/app-config.js | 22 +++++++++++++++
 3 files changed, 53 insertions(+), 3 deletions(-)
diff --git a/packages/backend/src/controllers/api/v1/admin/apps/create-oauth-client.ee.js b/packages/backend/src/controllers/api/v1/admin/apps/create-oauth-client.ee.js
index ffba9257..0120e2af 100644
--- a/packages/backend/src/controllers/api/v1/admin/apps/create-oauth-client.ee.js
+++ b/packages/backend/src/controllers/api/v1/admin/apps/create-oauth-client.ee.js
@@ -6,9 +6,9 @@ export default async (request, response) => {
 .findOne({ key: request.params.appKey })
 .throwIfNotFound();
- const oauthClient = await appConfig
- .$relatedQuery('oauthClients')
- .insert(oauthClientParams(request));
+ const oauthClient = await appConfig.createOAuthClient(
+ oauthClientParams(request)
+ );
 renderObject(response, oauthClient, { status: 201 });
 };
diff --git a/packages/backend/src/controllers/api/v1/admin/apps/create-oauth-client.ee.test.js b/packages/backend/src/controllers/api/v1/admin/apps/create-oauth-client.ee.test.js
index 4746a881..8f1eedde 100644
--- a/packages/backend/src/controllers/api/v1/admin/apps/create-oauth-client.ee.test.js
+++ b/packages/backend/src/controllers/api/v1/admin/apps/create-oauth-client.ee.test.js
@@ -48,6 +48,34 @@ describe('POST /api/v1/admin/apps/:appKey/oauth-clients', () => {
 expect(response.body).toMatchObject(expectedPayload);
 });
+ it('should throw validation error for app that does not support oauth connections', async () => {
+ await createAppConfig({
+ key: 'deepl',
+ });
+
+ const oauthClient = {
+ active: true,
+ appKey: 'deepl',
+ name: 'First auth client',
+ formattedAuthDefaults: {
+ clientid: 'sample client ID',
+ clientSecret: 'sample client secret',
+ instanceUrl: 'https://deepl.com',
+ oAuthRedirectUrl: 'http://localhost:3001/app/deepl/connection/add',
+ },
+ };
+
+ const response = await request(app)
+ .post('/api/v1/admin/apps/deepl/oauth-clients')
+ .set('Authorization', token)
+ .send(oauthClient)
+ .expect(422);
+
+ expect(response.body.errors).toMatchObject({
+ app: ['This app does not support OAuth clients!'],
+ });
+ });
+
 it('should return not found response for not existing app config', async () => {
 const oauthClient = {
 active: true,
diff --git a/packages/backend/src/models/app-config.js b/packages/backend/src/models/app-config.js
index fe7e2d44..c34a0ac4 100644
--- a/packages/backend/src/models/app-config.js
+++ b/packages/backend/src/models/app-config.js
@@ -1,6 +1,7 @@
 import App from './app.js';
 import OAuthClient from './oauth-client.js';
 import Base from './base.js';
+import { ValidationError } from 'objection';
 class AppConfig extends Base {
 static tableName = 'app_configs';
@@ -39,6 +40,27 @@ class AppConfig extends Base {
 return await App.findOneByKey(this.key);
 }
+
+ async createOAuthClient(params) {
+ const supportsOauthClients = (await this.getApp())?.auth?.generateAuthUrl
+ ? true
+ : false;
+
+ if (!supportsOauthClients) {
+ throw new ValidationError({
+ data: {
+ app: [
+ {
+ message: 'This app does not support OAuth clients!',
+ },
+ ],
+ },
+ type: 'ModelValidation',
+ });
+ }
+
+ return await this.$relatedQuery('oauthClients').insert(params);
+ }
 }
 export default AppConfig;
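Review bot: The new case in create-oauth-client.ee.test.js asserts the 422 status and the error body but never confirms that nothing was persisted, which is the guarantee the commit title promises. Capturing the fixture with `const appConfig = await createAppConfig({ key: 'deepl' });` and ending the test with `expect(await appConfig.$relatedQuery('oauthClients').resultSize()).toBe(0);` would pin that the rejection happens before the insert. The payload key `clientid` may be a typo for `clientId`; the other cases in this `describe` block lie outside the hunk, so this could not be checked against them.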
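Review bot: The OAuth-support check in `createOAuthClient` (second hunk of app-config.js) protects only callers that go through this method; any code that still calls `$relatedQuery('oauthClients').insert(...)` or inserts through the `OAuthClient` model directly would skip it, and whether such callers exist is not visible in this diff. If the rule is meant to be an invariant, enforcing it in a `$beforeInsert` hook on `OAuthClient` would cover every write path; failing that, a comment on the method such as `// Sole supported entry point for creating OAuth clients: rejects apps whose auth definition lacks generateAuthUrl.` would make the contract explicit. The ternary can also be written as `const supportsOauthClients = Boolean((await this.getApp())?.auth?.generateAuthUrl);`. The `AppConfig` class body starts outside the hunk.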