aboutsummaryrefslogtreecommitdiff
path: root/lib/pleroma/web/oauth/oauth_controller.ex
diff options
context:
space:
mode:
Diffstat (limited to 'lib/pleroma/web/oauth/oauth_controller.ex')
-rw-r--r--lib/pleroma/web/oauth/oauth_controller.ex29
1 files changed, 20 insertions, 9 deletions
diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex
index a2c62ae68..b300c96df 100644
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -187,25 +187,25 @@ defmodule Pleroma.Web.OAuth.OAuthController do
|> redirect(to: "/")
end
- def callback(%{assigns: %{ueberauth_failure: failure}} = conn, %{"redirect_uri" => redirect_uri}) do
+ def callback(%{assigns: %{ueberauth_failure: failure}} = conn, params) do
+ params = callback_params(params)
messages = for e <- Map.get(failure, :errors, []), do: e.message
message = Enum.join(messages, "; ")
conn
|> put_flash(:error, "Failed to authenticate: #{message}.")
- |> redirect(external: redirect_uri(conn, redirect_uri))
+ |> redirect(external: redirect_uri(conn, params["redirect_uri"]))
end
- def callback(
- conn,
- %{"client_id" => client_id, "redirect_uri" => redirect_uri} = params
- ) do
+ def callback(conn, params) do
+ params = callback_params(params)
+
with {:ok, registration} <- Authenticator.get_registration(conn, params) do
user = Repo.preload(registration, :user).user
auth_params = %{
- "client_id" => client_id,
- "redirect_uri" => redirect_uri,
+ "client_id" => params["client_id"],
+ "redirect_uri" => params["redirect_uri"],
"scopes" => oauth_scopes(params, nil)
}
@@ -230,10 +230,21 @@ defmodule Pleroma.Web.OAuth.OAuthController do
_ ->
conn
|> put_flash(:error, "Failed to set up user account.")
- |> redirect(external: redirect_uri(conn, redirect_uri))
+ |> redirect(external: redirect_uri(conn, params["redirect_uri"]))
end
end
+ defp callback_params(%{"state" => state} = params) do
+ [client_id, redirect_uri, scope, state] = String.split(state, "|")
+
+ Map.merge(params, %{
+ "client_id" => client_id,
+ "redirect_uri" => redirect_uri,
+ "scope" => scope,
+ "state" => state
+ })
+ end
+
def registration_details(conn, params) do
render(conn, "register.html", %{
client_id: params["client_id"],
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-26 01:53:15 +0000