aboutsummaryrefslogtreecommitdiff
path: root/lib/pleroma/web/oauth
diff options
context:
space:
mode:
Diffstat (limited to 'lib/pleroma/web/oauth')
-rw-r--r--lib/pleroma/web/oauth/oauth_controller.ex5
-rw-r--r--lib/pleroma/web/oauth/scopes.ex14
2 files changed, 10 insertions, 9 deletions
diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex
index e418dc70d..03c9a5027 100644
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -24,6 +24,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
plug(:fetch_session)
plug(:fetch_flash)
+ plug(Pleroma.Plugs.RateLimiter, :authentication when action == :create_authorization)
action_fallback(Pleroma.Web.OAuth.FallbackController)
@@ -460,7 +461,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
end
# Special case: Local MastodonFE
- defp redirect_uri(%Plug.Conn{} = conn, "."), do: mastodon_api_url(conn, :login)
+ defp redirect_uri(%Plug.Conn{} = conn, "."), do: auth_url(conn, :login)
defp redirect_uri(%Plug.Conn{}, redirect_uri), do: redirect_uri
@@ -474,7 +475,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
defp validate_scopes(app, params) do
params
|> Scopes.fetch_scopes(app.scopes)
- |> Scopes.validates(app.scopes)
+ |> Scopes.validate(app.scopes)
end
def default_redirect_uri(%App{} = app) do
diff --git a/lib/pleroma/web/oauth/scopes.ex b/lib/pleroma/web/oauth/scopes.ex
index ad9dfb260..48bd14407 100644
--- a/lib/pleroma/web/oauth/scopes.ex
+++ b/lib/pleroma/web/oauth/scopes.ex
@@ -8,7 +8,7 @@ defmodule Pleroma.Web.OAuth.Scopes do
"""
@doc """
- Fetch scopes from requiest params.
+ Fetch scopes from request params.
Note: `scopes` is used by Mastodon — supporting it but sticking to
OAuth's standard `scope` wherever we control it
@@ -53,14 +53,14 @@ defmodule Pleroma.Web.OAuth.Scopes do
@doc """
Validates scopes.
"""
- @spec validates(list() | nil, list()) ::
+ @spec validate(list() | nil, list()) ::
{:ok, list()} | {:error, :missing_scopes | :unsupported_scopes}
- def validates([], _app_scopes), do: {:error, :missing_scopes}
- def validates(nil, _app_scopes), do: {:error, :missing_scopes}
+ def validate([], _app_scopes), do: {:error, :missing_scopes}
+ def validate(nil, _app_scopes), do: {:error, :missing_scopes}
- def validates(scopes, app_scopes) do
- case scopes -- app_scopes do
- [] -> {:ok, scopes}
+ def validate(scopes, app_scopes) do
+ case Pleroma.Plugs.OAuthScopesPlug.filter_descendants(scopes, app_scopes) do
+ ^scopes -> {:ok, scopes}
_ -> {:error, :unsupported_scopes}
end
end
generated by cgit v1.2.3 (git 2.26.2) at 2025-04-26 07:35:46 +0000