Issue 13949: Block access via OAuth

Michael 2024-02-29 22:03:57 +00:00
parent c9f7d9baff
commit dd55ba2d77
6 changed files with 6 additions and 11 deletions


@ -1,6 +1,6 @@
-- ------------------------------------------ -- ------------------------------------------
-- Friendica 2024.03-rc (Yellow Archangel) -- Friendica 2024.03-rc (Yellow Archangel)
-- DB_UPDATE_VERSION 1554 -- DB_UPDATE_VERSION 1555
-- ------------------------------------------ -- ------------------------------------------
@ -2017,7 +2017,8 @@ CREATE VIEW `application-view` AS SELECT
`application-token`.`follow` AS `follow`, `application-token`.`follow` AS `follow`,
`application-token`.`push` AS `push` `application-token`.`push` AS `push`
FROM `application-token` FROM `application-token`
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`; INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`
INNER JOIN `user` ON `user`.`uid` = `application-token`.`uid` AND `user`.`verified` AND NOT `user`.`blocked` AND NOT `user`.`account_removed` AND NOT `user`.`account_expired`;
-- --
-- VIEW circle-member-view -- VIEW circle-member-view


@ -21,10 +21,7 @@
namespace Friendica\Module\OAuth; namespace Friendica\Module\OAuth;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Module\BaseApi; use Friendica\Module\BaseApi;
use Friendica\Module\Special\HTTPException; use Friendica\Module\Special\HTTPException;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;


@ -22,15 +22,12 @@
namespace Friendica\Module\OAuth; namespace Friendica\Module\OAuth;
use Friendica\Core\Logger; use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Module\BaseApi; use Friendica\Module\BaseApi;
use Friendica\Module\Special\HTTPException; use Friendica\Module\Special\HTTPException;
use Friendica\Security\OAuth; use Friendica\Security\OAuth;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use GuzzleHttp\Psr7\Uri;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
/** /**


@ -29,7 +29,6 @@ use Friendica\Model\Contact;
use Friendica\Model\User; use Friendica\Model\User;
use Friendica\Module\BaseApi; use Friendica\Module\BaseApi;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use GuzzleHttp\Psr7\Uri;
/** /**
* OAuth Server * OAuth Server


@ -56,7 +56,7 @@ use Friendica\Database\DBA;
// This file is required several times during the test in DbaDefinition which justifies this condition // This file is required several times during the test in DbaDefinition which justifies this condition
if (!defined('DB_UPDATE_VERSION')) { if (!defined('DB_UPDATE_VERSION')) {
define('DB_UPDATE_VERSION', 1554); define('DB_UPDATE_VERSION', 1555);
} }
return [ return [


@ -56,7 +56,8 @@
"push" => ["application-token", "push"], "push" => ["application-token", "push"],
], ],
"query" => "FROM `application-token` "query" => "FROM `application-token`
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`" INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`
INNER JOIN `user` ON `user`.`uid` = `application-token`.`uid` AND `user`.`verified` AND NOT `user`.`blocked` AND NOT `user`.`account_removed` AND NOT `user`.`account_expired`"
], ],
"circle-member-view" => [ "circle-member-view" => [
"fields" => [ "fields" => [
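Review bot: The account-state check added to the `application-view` query protects only lookups that go through this view, and nothing in the definition says that the join is an access-control filter. A lookup that reads `application-token` directly would still accept a token belonging to a blocked, removed, expired or unverified account; whether such a path exists cannot be seen from this page and is worth confirming. The token rows are also left in place, so they presumably become usable again once the account is unblocked. I would add a comment above the `"query"` key, for example `// Access control: only tokens of verified, non-blocked, non-removed, non-expired users are visible`, so a later edit does not drop the join as redundant. The view's array entry starts above this hunk, and the same join appears in the SQL dump section earlier on the page.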