Ensure apps are assigned to users
This commit is contained in:
parent
427da7a99a
commit
7bd0750787
5 changed files with 42 additions and 1 deletions
|
@ -1 +1 @@
|
|||
Add a rate limiter to the OAuth App creation endpoint
|
||||
Add a rate limiter to the OAuth App creation endpoint and ensure registered apps are assigned to users.
|
||||
|
|
|
@ -8,6 +8,7 @@ defmodule Pleroma.Web.OAuth.App do
|
|||
import Ecto.Query
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
|
||||
@type t :: %__MODULE__{}
|
||||
|
||||
|
@ -155,4 +156,13 @@ def errors(changeset) do
|
|||
Map.put(acc, key, error)
|
||||
end)
|
||||
end
|
||||
|
||||
@spec maybe_update_owner(Token.t()) :: :ok
|
||||
def maybe_update_owner(%Token{app_id: app_id, user_id: user_id}) when not is_nil(user_id) do
|
||||
__MODULE__.update(app_id, %{user_id: user_id})
|
||||
|
||||
:ok
|
||||
end
|
||||
|
||||
def maybe_update_owner(_), do: :ok
|
||||
end
|
||||
|
|
|
@ -318,6 +318,8 @@ def token_exchange(%Plug.Conn{} = conn, %{"grant_type" => "client_credentials"}
|
|||
def token_exchange(%Plug.Conn{} = conn, params), do: bad_request(conn, params)
|
||||
|
||||
def after_token_exchange(%Plug.Conn{} = conn, %{token: token} = view_params) do
|
||||
App.maybe_update_owner(token)
|
||||
|
||||
conn
|
||||
|> AuthHelper.put_session_token(token.token)
|
||||
|> json(OAuthView.render("token.json", view_params))
|
||||
|
|
21
priv/repo/migrations/20240904142434_assign_app_user.exs
Normal file
21
priv/repo/migrations/20240904142434_assign_app_user.exs
Normal file
|
@ -0,0 +1,21 @@
|
|||
defmodule Pleroma.Repo.Migrations.AssignAppUser do
|
||||
use Ecto.Migration
|
||||
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.Web.OAuth.App
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
|
||||
def up do
|
||||
Repo.all(Token)
|
||||
|> Enum.group_by(fn x -> Map.get(x, :app_id) end)
|
||||
|> Enum.each(fn {_app_id, tokens} ->
|
||||
token =
|
||||
Enum.filter(tokens, fn x -> not is_nil(x.user_id) end)
|
||||
|> List.first()
|
||||
|
||||
App.maybe_update_owner(token)
|
||||
end)
|
||||
end
|
||||
|
||||
def down, do: :ok
|
||||
end
|
|
@ -12,6 +12,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
|
|||
alias Pleroma.MFA.TOTP
|
||||
alias Pleroma.Repo
|
||||
alias Pleroma.User
|
||||
alias Pleroma.Web.OAuth.App
|
||||
alias Pleroma.Web.OAuth.Authorization
|
||||
alias Pleroma.Web.OAuth.OAuthController
|
||||
alias Pleroma.Web.OAuth.Token
|
||||
|
@ -770,6 +771,9 @@ test "issues a token for an all-body request" do
|
|||
|
||||
{:ok, auth} = Authorization.create_authorization(app, user, ["write"])
|
||||
|
||||
# Verify app has no associated user yet
|
||||
assert %Pleroma.Web.OAuth.App{user_id: nil} = Repo.get_by(App, %{id: app.id})
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> post("/oauth/token", %{
|
||||
|
@ -786,6 +790,10 @@ test "issues a token for an all-body request" do
|
|||
assert token
|
||||
assert token.scopes == auth.scopes
|
||||
assert user.ap_id == ap_id
|
||||
|
||||
# Verify app has an associated user now
|
||||
user_id = user.id
|
||||
assert %Pleroma.Web.OAuth.App{user_id: ^user_id} = Repo.get_by(App, %{id: app.id})
|
||||
end
|
||||
|
||||
test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do
|
||||
|
|
Loading…
Reference in a new issue