[#468] Defined OAuth restrictions for all applicable routes.

Improved missing "scopes" param handling. Allowed "any of" / "all of" mode specification in OAuthScopesPlug. Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
author: Ivan Tashkinov <ivantashkinov@gmail.com> 2019-02-15 19:54:37 +0300
committer: Ivan Tashkinov <ivantashkinov@gmail.com> 2019-02-15 19:54:37 +0300
commit: 2a4a4f3342bb3d2bbbd2354e858278d2e17f8654 (patch)
tree: 11b0ef4815c5db986d4051ce9e3538dc8ffea6bb /lib/pleroma/web/oauth.ex
parent: 027adbc9e5c60cd43b8857eb7a3124e6df1310c2 (diff)
download: pleroma-2a4a4f3342bb3d2bbbd2354e858278d2e17f8654.tar.gz
1 files changed, 3 insertions, 6 deletions
diff --git a/lib/pleroma/web/oauth.ex b/lib/pleroma/web/oauth.ex
index 8c78d1100..d2835a0ba 100644
--- a/lib/pleroma/web/oauth.ex
+++ b/lib/pleroma/web/oauth.ex
@@ -3,16 +3,13 @@
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Web.OAuth do
-  def parse_scopes(scopes, default) when is_list(scopes) do
-    scopes = Enum.filter(scopes, &(&1 not in [nil, ""]))
-
-    if Enum.any?(scopes),
-      do: scopes,
-      else: default
+  def parse_scopes(scopes, _default) when is_list(scopes) do
+    Enum.filter(scopes, &(&1 not in [nil, ""]))
   end
 
   def parse_scopes(scopes, default) when is_binary(scopes) do
     scopes
+    |> String.trim()
     |> String.split(~r/[\s,]+/)
     |> parse_scopes(default)
   end
author	Ivan Tashkinov <ivantashkinov@gmail.com>	2019-02-15 19:54:37 +0300
committer	Ivan Tashkinov <ivantashkinov@gmail.com>	2019-02-15 19:54:37 +0300
commit	2a4a4f3342bb3d2bbbd2354e858278d2e17f8654 (patch)
tree	11b0ef4815c5db986d4051ce9e3538dc8ffea6bb /lib/pleroma/web/oauth.ex
parent	027adbc9e5c60cd43b8857eb7a3124e6df1310c2 (diff)
download	pleroma-2a4a4f3342bb3d2bbbd2354e858278d2e17f8654.tar.gz