From 91bf3e33790deb5ff5c15fec4f8d09d06c54d7c6 Mon Sep 17 00:00:00 2001
From: Son NK <son@imac-de-son.home>
Date: Thu, 11 Jul 2019 19:48:22 +0200
Subject: [PATCH] do not display avatar_url to user

---
 app/oauth/templates/oauth/authorize_nonlogin_user.html | 8 +++++++-
 app/oauth/views/authorize.py                           | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/app/oauth/templates/oauth/authorize_nonlogin_user.html b/app/oauth/templates/oauth/authorize_nonlogin_user.html
index 61f98747..777971eb 100644
--- a/app/oauth/templates/oauth/authorize_nonlogin_user.html
+++ b/app/oauth/templates/oauth/authorize_nonlogin_user.html
@@ -6,7 +6,13 @@
 
     <ul class="mt-3">
       {% for scope in client.get_scopes() %}
-        <li>{{ scope.value }}</li>
+        <li>
+        {% if scope == Scope.AVATAR_URL %}
+          avatar
+        {% else %}
+          {{ scope.value }}
+        {% endif %}
+        </li>
       {% endfor %}
     </ul>
 
diff --git a/app/oauth/views/authorize.py b/app/oauth/views/authorize.py
index 998de1aa..1fc12172 100644
--- a/app/oauth/views/authorize.py
+++ b/app/oauth/views/authorize.py
@@ -82,7 +82,7 @@ def authorize():
         else:
             # after user logs in, redirect user back to this page
             return render_template(
-                "oauth/authorize_nonlogin_user.html", client=client, next=request.url
+                "oauth/authorize_nonlogin_user.html", client=client, next=request.url, Scope=Scope,
             )
     else:  # user allows or denies
         gen_new_email = request.form.get("gen-email") == "on"