Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/controller_helper.ex | 4 | ||||
| -rw-r--r-- | lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 11 | ||||
| -rw-r--r-- | lib/pleroma/web/oauth.ex | 23 | ||||
| -rw-r--r-- | lib/pleroma/web/oauth/oauth_controller.ex | 12 | 
4 files changed, 28 insertions, 22 deletions
diff --git a/lib/pleroma/web/controller_helper.ex b/lib/pleroma/web/controller_helper.ex
index 14e3d19fd..a32195b49 100644
--- a/lib/pleroma/web/controller_helper.ex
+++ b/lib/pleroma/web/controller_helper.ex
@@ -5,6 +5,10 @@
 defmodule Pleroma.Web.ControllerHelper do
   use Pleroma.Web, :controller
+  def oauth_scopes(params, default) do
+    Pleroma.Web.OAuth.parse_scopes(params["scopes"] || params["scope"], default)
+  end
+
   def json_response(conn, status, json) do
     conn
     |> put_status(status)
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index 59f472e91..a1e9472b2 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -19,11 +19,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
   alias Pleroma.Web.ActivityPub.ActivityPub
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Web.CommonAPI
-  alias Pleroma.Web.OAuth
   alias Pleroma.Web.OAuth.{Authorization, Token, App}
   alias Pleroma.Web.MediaProxy
+  import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2]
   import Ecto.Query
+
   require Logger
   @httpoison Application.get_env(:pleroma, :httpoison)
@@ -32,8 +33,12 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
   action_fallback(:errors)
   def create_app(conn, params) do
-    scopes = OAuth.parse_scopes(params["scope"] || params["scopes"])
-    app_attrs = params |> Map.drop(["scope", "scopes"]) |> Map.put("scopes", scopes)
+    scopes = oauth_scopes(params, [])
+
+    app_attrs =
+      params
+      |> Map.drop(["scope", "scopes"])
+      |> Map.put("scopes", scopes)
     with cs <- App.register_changeset(%App{}, app_attrs),
          false <- cs.changes[:client_name] == @local_mastodon_name,
diff --git a/lib/pleroma/web/oauth.ex b/lib/pleroma/web/oauth.ex
index 761b80fde..8c78d1100 100644
--- a/lib/pleroma/web/oauth.ex
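Review bot: In `oauth_scopes/2` (lib/pleroma/web/controller_helper.ex), `params["scopes"] || params["scope"]` only falls through on `nil`, so a request that carries an empty `scopes` alongside a real `scope` value ignores the latter, and `parse_scopes/2` as changed in lib/pleroma/web/oauth.ex then returns `default`. In OAuthController that default is `app.scopes`, so the grant silently becomes wider than the scope the client actually named. Picking the first non-blank value avoids this: `raw = Enum.find([params["scopes"], params["scope"]], &(&1 not in [nil, "", []]))` followed by `Pleroma.Web.OAuth.parse_scopes(raw, default)`. The old `create_app` call preferred `scope` over `scopes`, so a short `@doc` stating the new precedence would also help.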
+++ b/lib/pleroma/web/oauth.ex
@@ -3,22 +3,21 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.OAuth do
-  def parse_scopes(nil) do
-    nil
+  def parse_scopes(scopes, default) when is_list(scopes) do
+    scopes = Enum.filter(scopes, &(&1 not in [nil, ""]))
+
+    if Enum.any?(scopes),
+      do: scopes,
+      else: default
   end
-  def parse_scopes(scopes) when is_list(scopes) do
+  def parse_scopes(scopes, default) when is_binary(scopes) do
     scopes
+    |> String.split(~r/[\s,]+/)
+    |> parse_scopes(default)
   end
-  def parse_scopes(scopes) do
-    scopes =
-      scopes
-      |> to_string()
-      |> String.trim()
-
-    if scopes == "",
-      do: [],
-      else: String.split(scopes, [" ", ","])
+  def parse_scopes(_, default) do
+    default
   end
 end
diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex
index f00d5293d..3e905c7c7 100644
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -5,11 +5,12 @@
 defmodule Pleroma.Web.OAuth.OAuthController do
   use Pleroma.Web, :controller
-  alias Pleroma.Web.OAuth
   alias Pleroma.Web.OAuth.{Authorization, Token, App}
   alias Pleroma.{Repo, User}
   alias Comeonin.Pbkdf2
+  import Pleroma.Web.ControllerHelper, only: [oauth_scopes: 2]
+
   plug(:fetch_session)
   plug(:fetch_flash)
@@ -19,7 +20,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
     render(conn, "show.html", %{
       response_type: params["response_type"],
       client_id: params["client_id"],
-      scopes: scopes(params) || [],
+      scopes: oauth_scopes(params, []),
       redirect_uri: params["redirect_uri"],
       state: params["state"]
     })
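Review bot: The list clause of `parse_scopes/2` in lib/pleroma/web/oauth.ex drops only `nil` and `""`, so any other element a client puts in a `scopes[]` parameter (a whitespace-only string, a nested map, a duplicate) is returned as a scope. The authorize path later checks `scopes -- app.scopes`, but as far as these hunks show the `create_app` and token call sites pass the result on without that check, so it is safer to normalise here, e.g. `scopes = scopes |> Enum.filter(&is_binary/1) |> Enum.map(&String.trim/1) |> Enum.reject(&(&1 == "")) |> Enum.uniq()`. The functions also have no `@doc` or `@spec`; the doc should state that blank or missing input yields `default`, since callers choose between `[]` and `app.scopes` for it.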
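Review bot: The authorize page in lib/pleroma/web/oauth/oauth_controller.ex is rendered with `oauth_scopes(params, [])`, while the `create_authorization` hunk further down (`@@ -39,7 +40,7 @@`) falls back to `app.scopes` when the submitted scope is blank. If the form posts back what was rendered, a request without a scope shows the user an empty scope list and then grants every scope registered for the app. Before this commit a blank but non-nil scope reached `true <- Enum.any?(scopes)` as `[]` and was refused. Consider rendering with the app's scopes as the default, or keeping `[]` as the default on the grant side so the empty case is still rejected. The enclosing function starts outside this hunk, so whether the app is already loaded there is not visible.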
@@ -39,7 +40,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
          {:auth_active, true} <- {:auth_active, User.auth_active?(user)},
          %App{} = app <- Repo.get_by(App, client_id: client_id),
          true <- redirect_uri in String.split(app.redirect_uris),
-         scopes <- scopes(params) || app.scopes,
+         scopes <- oauth_scopes(params, app.scopes),
          [] <- scopes -- app.scopes,
          true <- Enum.any?(scopes),
          {:ok, auth} <- Authorization.create_authorization(app, user, scopes) do
@@ -117,7 +118,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
          %User{} = user <- User.get_by_nickname_or_email(name),
          true <- Pbkdf2.checkpw(password, user.password_hash),
          {:auth_active, true} <- {:auth_active, User.auth_active?(user)},
-         scopes <- scopes(params) || app.scopes,
+         scopes <- oauth_scopes(params, app.scopes),
          {:ok, auth} <- Authorization.create_authorization(app, user, scopes),
          {:ok, token} <- Token.exchange_token(app, auth) do
       response = %{
@@ -197,7 +198,4 @@ defmodule Pleroma.Web.OAuth.OAuthController do
       nil
     end
   end
-
-  defp scopes(params),
-    do: OAuth.parse_scopes(params["scopes"] || params["scope"])
 end
|
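Review bot: In the `@@ -117,7 +118,7 @@` hunk the scopes returned by `oauth_scopes(params, app.scopes)` go straight into `Authorization.create_authorization(app, user, scopes)`; unlike the `@@ -39,7 +40,7 @@` hunk there is no `[] <- scopes -- app.scopes` guard. Unless `create_authorization` validates them itself (not visible here), a client can name scopes the app was never registered for and receive a token carrying them. Adding the same two clauses after the `scopes <-` line closes the gap: `[] <- scopes -- app.scopes,` and `true <- Enum.any?(scopes),`. The `with` starts and ends outside the hunk, so its `else` branch should be checked to confirm these mismatches become an error response.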
