Friendica/friendica-github
1
0
Fork 0
mirror of https://github.com/friendica/friendica synced 2025-04-22 09:10:10 +00:00
Code Issues Projects Releases Packages Wiki Activity

Repurposed OAuth frontend handling, store the scope

Browse source
This commit is contained in:
Michael 2021-05-13 14:58:55 +00:00
parent 132e08edb8
commit b18073d5a8
9 changed files with 121 additions and 139 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/Module/Api/Mastodon/Apps.php
View file

@ -51,7 +51,7 @@ class Apps extends BaseApi
$name = $_REQUEST['client_name'] ?? '';
$redirect = $_REQUEST['redirect_uris'] ?? '';
$scopes = $_REQUEST['scopes'] ?? '';
$scopes = $_REQUEST['scopes'] ?? 'read';
$website = $_REQUEST['website'] ?? '';
if (empty($name) || empty($redirect)) {
@ -67,6 +67,10 @@ class Apps extends BaseApi
$fields['scopes'] = $scopes;
}
$fields['read'] = (stripos($scopes, 'read') !== false);
$fields['write'] = (stripos($scopes, 'write') !== false);
$fields['follow'] = (stripos($scopes, 'follow') !== false);
if (!empty($website)) {
$fields['website'] = $website;
}

6
src/Module/BaseApi.php
View file

@ -267,9 +267,9 @@ class BaseApi extends BaseModule
$code = bin2hex(random_bytes(32));
$access_token = bin2hex(random_bytes(32));
// @todo store the scope
$fields = ['application-id' => $application['id'], 'uid' => $uid, 'code' => $code, 'access_token' => $access_token, 'created_at' => DateTimeFormat::utcNow(DateTimeFormat::MYSQL)];
$fields = ['application-id' => $application['id'], 'uid' => $uid, 'code' => $code, 'access_token' => $access_token, 'scopes' => $scope,
'read' => (stripos($scope, 'read') !== false), 'write' => (stripos($scope, 'write') !== false),
'follow' => (stripos($scope, 'follow') !== false), 'created_at' => DateTimeFormat::utcNow(DateTimeFormat::MYSQL)];
if (!DBA::insert('application-token', $fields, Database::INSERT_UPDATE)) {
return [];
}

2
src/Module/OAuth/Authorize.php
View file

@ -41,7 +41,7 @@ class Authorize extends BaseApi
$client_id = $_REQUEST['client_id'] ?? '';
$client_secret = $_REQUEST['client_secret'] ?? ''; // Isn't normally provided. We will use it if present.
$redirect_uri = $_REQUEST['redirect_uri'] ?? '';
$scope = $_REQUEST['scope'] ?? '';
$scope = $_REQUEST['scope'] ?? 'read';
$state = $_REQUEST['state'] ?? '';
if ($response_type != 'code') {