Merge branch 'authenticated-api-oauth-check-enforcement' into 'develop'

Enforcement of OAuth scopes check for authenticated API endpoints See merge request pleroma/pleroma!2349
author: rinpatch <rinpatch@sdf.org> 2020-04-16 21:58:57 +0000
committer: rinpatch <rinpatch@sdf.org> 2020-04-16 21:58:57 +0000
commit: badd888ccbeed88228c0de66c068812a49139ce3 (patch)
tree: 8af60de490fcd43a60f35afe54820d96f86f41b4 /lib/pleroma/web/twitter_api
parent: 28bcde5d982ee0cd7bfac68585311661f19de2c4 (diff)
parent: bde1189c349dc114aca2e9310dda840a1007825f (diff)
download: pleroma-badd888ccbeed88228c0de66c068812a49139ce3.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/pleroma/web/twitter_api/twitter_api_controller.ex b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
index 0229aea97..31adc2817 100644
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@@ -15,6 +15,8 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
 
   plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :notifications_read)
 
+  plug(:skip_plug, OAuthScopesPlug when action in [:oauth_tokens, :revoke_token])
+
   plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
 
   action_fallback(:errors)
author	rinpatch <rinpatch@sdf.org>	2020-04-16 21:58:57 +0000
committer	rinpatch <rinpatch@sdf.org>	2020-04-16 21:58:57 +0000
commit	badd888ccbeed88228c0de66c068812a49139ce3 (patch)
tree	8af60de490fcd43a60f35afe54820d96f86f41b4 /lib/pleroma/web/twitter_api
parent	28bcde5d982ee0cd7bfac68585311661f19de2c4 (diff)
parent	bde1189c349dc114aca2e9310dda840a1007825f (diff)
download	pleroma-badd888ccbeed88228c0de66c068812a49139ce3.tar.gz