mirror of
https://github.com/friendica/friendica
synced 2024-11-17 20:23:40 +00:00
Issue 13949: Block access via OAuth
This commit is contained in:
parent
c9f7d9baff
commit
dd55ba2d77
6 changed files with 6 additions and 11 deletions
|
@ -1,6 +1,6 @@
|
|||
-- ------------------------------------------
|
||||
-- Friendica 2024.03-rc (Yellow Archangel)
|
||||
-- DB_UPDATE_VERSION 1554
|
||||
-- DB_UPDATE_VERSION 1555
|
||||
-- ------------------------------------------
|
||||
|
||||
|
||||
|
@ -2017,7 +2017,8 @@ CREATE VIEW `application-view` AS SELECT
|
|||
`application-token`.`follow` AS `follow`,
|
||||
`application-token`.`push` AS `push`
|
||||
FROM `application-token`
|
||||
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`;
|
||||
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`
|
||||
INNER JOIN `user` ON `user`.`uid` = `application-token`.`uid` AND `user`.`verified` AND NOT `user`.`blocked` AND NOT `user`.`account_removed` AND NOT `user`.`account_expired`;
|
||||
|
||||
--
|
||||
-- VIEW circle-member-view
|
||||
|
|
|
@ -21,10 +21,7 @@
|
|||
|
||||
namespace Friendica\Module\OAuth;
|
||||
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\DI;
|
||||
use Friendica\Module\BaseApi;
|
||||
use Friendica\Module\Special\HTTPException;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
|
|
|
@ -22,15 +22,12 @@
|
|||
namespace Friendica\Module\OAuth;
|
||||
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Database\DBA;
|
||||
use Friendica\DI;
|
||||
use Friendica\Model\User;
|
||||
use Friendica\Module\BaseApi;
|
||||
use Friendica\Module\Special\HTTPException;
|
||||
use Friendica\Security\OAuth;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
use GuzzleHttp\Psr7\Uri;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
|
||||
/**
|
||||
|
|
|
@ -29,7 +29,6 @@ use Friendica\Model\Contact;
|
|||
use Friendica\Model\User;
|
||||
use Friendica\Module\BaseApi;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
use GuzzleHttp\Psr7\Uri;
|
||||
|
||||
/**
|
||||
* OAuth Server
|
||||
|
|
|
@ -56,7 +56,7 @@ use Friendica\Database\DBA;
|
|||
|
||||
// This file is required several times during the test in DbaDefinition which justifies this condition
|
||||
if (!defined('DB_UPDATE_VERSION')) {
|
||||
define('DB_UPDATE_VERSION', 1554);
|
||||
define('DB_UPDATE_VERSION', 1555);
|
||||
}
|
||||
|
||||
return [
|
||||
|
|
|
@ -56,7 +56,8 @@
|
|||
"push" => ["application-token", "push"],
|
||||
],
|
||||
"query" => "FROM `application-token`
|
||||
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`"
|
||||
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`
|
||||
INNER JOIN `user` ON `user`.`uid` = `application-token`.`uid` AND `user`.`verified` AND NOT `user`.`blocked` AND NOT `user`.`account_removed` AND NOT `user`.`account_expired`"
|
||||
],
|
||||
"circle-member-view" => [
|
||||
"fields" => [
|
||||
|
|
Loading…
Reference in a new issue