From 442dcd16886383b64a06daaa48b233784c2784f9 Mon Sep 17 00:00:00 2001 From: Ben Millwood Date: Sat, 28 Dec 2024 02:40:56 +0000 Subject: [PATCH] Fix duplicate SCOPE_WRITE check It's pretty clear from context this is intended to be SCOPE_FOLLOW. It's been like this ever since it was introduced in revision 49207a8 --- src/Security/OAuth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Security/OAuth.php b/src/Security/OAuth.php index 9a50a438d7..d169cb7eab 100644 --- a/src/Security/OAuth.php +++ b/src/Security/OAuth.php @@ -189,7 +189,7 @@ class OAuth 'created_at' => DateTimeFormat::utcNow() ]; - foreach ([BaseApi::SCOPE_READ, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_PUSH] as $scope) { + foreach ([BaseApi::SCOPE_READ, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_FOLLOW, BaseApi::SCOPE_PUSH] as $scope) { if ($fields[$scope] && !$application[$scope]) { Logger::warning('Requested token scope is not allowed for the application', ['token' => $fields, 'application' => $application]); }