authorfeld <feld@feld.me>2024-09-01 18:24:06 +0000
committerfeld <feld@feld.me>2024-09-01 18:24:06 +0000
commit9077d0925b61b0ba23c0ee5b41627dc91266d52d (patch)
tree756efc2a0176655af79439c4e0dfd20920851cc2 /lib
parent61e4be396f741cf45a2861e026b1e5fb3d185d99 (diff)
parent751d63d4bb05caececf52a3a3b134182e57a059d (diff)
Merge branch 'oauth-app-spam' into 'develop'
Fix OAuth app spam See merge request pleroma/pleroma!4244
Diffstat (limited to 'lib')
-rw-r--r--lib/pleroma/web/mastodon_api/controllers/app_controller.ex3
-rw-r--r--lib/pleroma/web/o_auth/app.ex24
2 files changed, 9 insertions, 18 deletions
diff --git a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
index 844673ae0..4677ac40a 100644
--- a/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/app_controller.ex
@@ -36,8 +36,7 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
|> Map.put(:scopes, scopes)
|> Maps.put_if_present(:user_id, user_id)
- with cs <- App.register_changeset(%App{}, app_attrs),
- {:ok, app} <- Repo.insert(cs) do
+ with {:ok, app} <- App.get_or_make(app_attrs) do
render(conn, "show.json", app: app)
end
end
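Review bot: The `user_id` merged into `app_attrs` just above is silently dropped whenever `App.get_or_make/1` finds an existing row, because that path forwards only `:scopes` and `:website`, so `render(conn, "show.json", app: app)` can return a record that a different caller registered. If the view includes the client credentials (not visible in this hunk), a request that merely repeats an existing `client_name` would receive them. Consider including the ownership and redirect attributes in the lookup so that a mismatch creates a separate app, and add a comment at the call such as `# may return a pre-existing app matched by client_name`. The action's body starts outside this hunk.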
diff --git a/lib/pleroma/web/o_auth/app.ex b/lib/pleroma/web/o_auth/app.ex
index d1bf6dd18..889850c73 100644
--- a/lib/pleroma/web/o_auth/app.ex
+++ b/lib/pleroma/web/o_auth/app.ex
@@ -67,35 +67,27 @@ defmodule Pleroma.Web.OAuth.App do
with %__MODULE__{} = app <- Repo.get(__MODULE__, id) do
app
|> changeset(params)
+ |> validate_required([:scopes])
|> Repo.update()
end
end
@doc """
- Gets app by attrs or create new with attrs.
- And updates the scopes if need.
+ Gets app by attrs or create new with attrs.
+ Updates the attrs if needed.
"""
- @spec get_or_make(map(), list(String.t())) :: {:ok, t()} | {:error, Ecto.Changeset.t()}
- def get_or_make(attrs, scopes) do
- with %__MODULE__{} = app <- Repo.get_by(__MODULE__, attrs) do
- update_scopes(app, scopes)
+ @spec get_or_make(map()) :: {:ok, t()} | {:error, Ecto.Changeset.t()}
+ def get_or_make(attrs) do
+ with %__MODULE__{} = app <- Repo.get_by(__MODULE__, client_name: attrs.client_name) do
+ __MODULE__.update(app.id, Map.take(attrs, [:scopes, :website]))
else
_e ->
%__MODULE__{}
- |> register_changeset(Map.put(attrs, :scopes, scopes))
+ |> register_changeset(attrs)
|> Repo.insert()
end
end
- defp update_scopes(%__MODULE__{} = app, []), do: {:ok, app}
- defp update_scopes(%__MODULE__{scopes: scopes} = app, scopes), do: {:ok, app}
-
- defp update_scopes(%__MODULE__{} = app, scopes) do
- app
- |> change(%{scopes: scopes})
- |> Repo.update()
- end
-
@spec search(map()) :: {:ok, [t()], non_neg_integer()}
def search(params) do
query = from(a in __MODULE__)
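Review bot: `Repo.get_by(__MODULE__, client_name: attrs.client_name)` keys the lookup on a caller-chosen name alone, and the matched row then has its `scopes` and `website` overwritten through `__MODULE__.update/2`, so unrelated clients that share a name end up editing the same registration. `Repo.get_by` also raises `Ecto.MultipleResultsError` when more than one row matches, which seems likely wherever the previous insert-per-request path already left duplicates, and `attrs.client_name` raises `KeyError` when the key is absent instead of returning the `{:error, changeset}` the `@spec` promises. Matching on every identifying attribute the caller sent (the redirect URIs as well as the name, if the schema stores them), backed by a unique index, would avoid both the cross-client overwrite and the crash. The `@doc` should also say which attributes decide that an app "already exists".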