From 42117a391c270625bd791dc0c72b6bf4ace7ca64 Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Mon, 28 Oct 2024 20:57:20 +0000
Subject: [PATCH] Issue 14478: Always use an existing application for OAuth

---
 src/Module/Api/Mastodon/Apps.php | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/src/Module/Api/Mastodon/Apps.php b/src/Module/Api/Mastodon/Apps.php
index 706e186095..1552bc2117 100644
--- a/src/Module/Api/Mastodon/Apps.php
+++ b/src/Module/Api/Mastodon/Apps.php
@@ -59,28 +59,34 @@ class Apps extends BaseApi
 			$this->logAndJsonError(422, $this->errorFactory->UnprocessableEntity($this->t('Missing parameters')));
 		}
 
-		$client_id     = bin2hex(random_bytes(32));
-		$client_secret = bin2hex(random_bytes(32));
-
-		$fields = ['client_id' => $client_id, 'client_secret' => $client_secret, 'name' => $request['client_name'], 'redirect_uri' => $request['redirect_uris']];
+		$fields = ['name' => $request['client_name'], 'redirect_uri' => $request['redirect_uris']];
 
 		if (!empty($request['scopes'])) {
 			$fields['scopes'] = $request['scopes'];
 		}
 
-		$fields['read']   = (stripos($request['scopes'], self::SCOPE_READ) !== false);
-		$fields['write']  = (stripos($request['scopes'], self::SCOPE_WRITE) !== false);
-		$fields['follow'] = (stripos($request['scopes'], self::SCOPE_FOLLOW) !== false);
-		$fields['push']   = (stripos($request['scopes'], self::SCOPE_PUSH) !== false);
-
 		if (!empty($request['website'])) {
 			$fields['website'] = $request['website'];
 		}
 
+		$application = DBA::selectFirst('application', ['id'], $fields);
+		if (!empty($application['id'])) {
+			$this->logger->debug('Found existing application', ['request' => $request, 'id' => $application['id']]);
+			$this->jsonExit(DI::mstdnApplication()->createFromApplicationId($application['id'])->toArray());
+		}
+
+		$fields['read']          = (stripos($request['scopes'], self::SCOPE_READ) !== false);
+		$fields['write']         = (stripos($request['scopes'], self::SCOPE_WRITE) !== false);
+		$fields['follow']        = (stripos($request['scopes'], self::SCOPE_FOLLOW) !== false);
+		$fields['push']          = (stripos($request['scopes'], self::SCOPE_PUSH) !== false);
+		$fields['client_id']     = bin2hex(random_bytes(32));
+		$fields['client_secret'] = bin2hex(random_bytes(32));
+
 		if (!DBA::insert('application', $fields)) {
 			$this->logAndJsonError(500, $this->errorFactory->InternalError());
 		}
 
+		$this->logger->debug('Create new application', ['request' => $request, 'id' => DBA::lastInsertId()]);
 		$this->jsonExit(DI::mstdnApplication()->createFromApplicationId(DBA::lastInsertId())->toArray());
 	}
 }