[backend/masto-client] Fall back to token.scopes on /oauth/token (ISH-145)

Despite what the Mastodon API docs say, falling back to read is not what Mastodon does, and some clients (e.g. Enafore) rely on this undocumented API quirk.
Laura Hausmann 2024-03-11 02:16:59 +01:00
parent 794abcd727
commit fc99afa754
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
2 changed files with 4 additions and 4 deletions


@ -106,12 +106,12 @@ public class AuthController(DatabaseContext db) : ControllerBase
throw GracefulException
.BadRequest("The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.");
if (MastodonOauthHelpers.ExpandScopes(request.Scopes)
if (MastodonOauthHelpers.ExpandScopes(request.Scopes ?? [])
.Except(MastodonOauthHelpers.ExpandScopes(token.Scopes))
.Any())
throw GracefulException.BadRequest("The requested scope is invalid, unknown, or malformed.");
token.Scopes = request.Scopes;
token.Scopes = request.Scopes ?? token.Scopes;
token.Active = true;
await db.SaveChangesAsync();
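Review bot: An explicitly empty `scope` is handled differently from an omitted one at `token.Scopes = request.Scopes ?? token.Scopes;`, because `??` only catches null: a request that binds to an empty list passes the `Except(...).Any()` check and activates the token with no scopes instead of the ones granted at authorization time. Whether an empty list can reach this line depends on the `ScopesInternal` setter and its converter, which are not visible in this hunk, so it is worth confirming; the outcome is less privilege rather than more, so this is a client-compatibility point, not an escalation. If it can happen, `token.Scopes = request.Scopes is { Count: > 0 } ? request.Scopes : token.Scopes;` keeps both cases consistent. A one-line comment above the assignment such as `// Omitted scope inherits the scopes already granted to this token (Mastodon's actual behaviour, not its docs)` would stop a later reader from restoring the `read` default. The enclosing action starts and ends outside the hunk.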


@ -70,14 +70,14 @@ public abstract class AuthSchemas
public class OauthTokenRequest
{
public List<string> Scopes = ["read"];
public List<string>? Scopes;
[B(Name = "scope")]
[J("scope")]
[JC(typeof(EnsureArrayConverter))]
public List<string> ScopesInternal
{
get => Scopes;
get => Scopes ?? [];
set => Scopes = value.Count == 1
? value[0].Contains(' ')
? value[0].Split(' ').ToList()