diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php
index 419fbd878..f5aec0802 100644
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
@@ -91,8 +91,10 @@ class Token extends BaseApi
 } elseif ($request['grant_type'] == 'authorization_code') {
 // For security reasons only allow freshly created tokens
 $uri = new Uri($request['redirect_uri']);
-$condition = ["`redirect_uri` LIKE ? AND `id` = ? AND `code` = ? AND `created_at` > ?",
-'%' . $uri->getScheme() . '://' . $uri->getHost() . $uri->getPath() . '%', $application['id'], $request['code'], DateTimeFormat::utc('now - 5 minutes')];
+$condition = [
+"`redirect_uri` LIKE ? AND `id` = ? AND `code` = ? AND `created_at` > ?",
+'%' . $uri->getScheme() . '://' . $uri->getHost() . $uri->getPath() . '%', $application['id'], $request['code'], DateTimeFormat::utc('now - 5 minutes')
+];
 $token = DBA::selectFirst('application-view', ['access_token', 'created_at', 'uid'], $condition);
 if (!DBA::isResult($token)) {
diff --git a/src/Security/OAuth.php b/src/Security/OAuth.php
index f11927a53..7655398b3 100644
--- a/src/Security/OAuth.php
+++ b/src/Security/OAuth.php
@@ -146,7 +146,7 @@ class OAuth
 if (($application['redirect_uri'] != $redirect_uri) && !in_array($redirect_uri, explode(' ', $application['redirect_uri']))) {
 return [];
 }
-
+
 return $application;
 }
@@ -197,7 +197,8 @@ class OAuth
 'write' => (stripos($scope, BaseApi::SCOPE_WRITE) !== false),
 'follow' => (stripos($scope, BaseApi::SCOPE_FOLLOW) !== false),
 'push' => (stripos($scope, BaseApi::SCOPE_PUSH) !== false),
-'created_at' => DateTimeFormat::utcNow()];
+'created_at' => DateTimeFormat::utcNow()
+];
 foreach ([BaseApi::SCOPE_READ, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_PUSH] as $scope) {
 if ($fields[$scope] && !$application[$scope]) {
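Review bot: The reformatted `$condition` in Token.php still interpolates the caller-supplied `redirect_uri` components into a `LIKE` pattern without escaping the wildcard characters `%` and `_`, and wraps the whole thing in `%…%`, so the redirect_uri check is a substring match rather than the exact comparison OAuth 2.0 requires for the authorization-code grant. A request whose scheme/host/path is merely a substring of the registered URI would pass, and any `_` or `%` in the path widens the match further. At minimum escape the user-derived parts before they reach the pattern, e.g. `'%' . $uri->getScheme() . '://' . addcslashes($uri->getHost() . $uri->getPath(), '%_\\') . '%'`; better is to compare the stored URI (or each space-separated entry of it, if that is the storage format used by OAuth::getApplication) for equality in PHP after the row is fetched. The enclosing method starts and ends outside this hunk, and the loose `==` on `grant_type` in the context line is a separate, pre-existing nit.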
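Review bot: In the third hunk (OAuth.php around line 197) the context line `foreach ([BaseApi::SCOPE_READ, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_PUSH] as $scope)` lists `SCOPE_WRITE` twice and omits `SCOPE_FOLLOW`, even though `$fields` is built with a `'follow'` entry two lines above. If the `if ($fields[$scope] && !$application[$scope])` guard is what prevents a token from receiving a scope the application was not registered with, the follow scope is never checked and can be granted to any application; the commit reformats this array but does not fix the list. The fix is one line: `foreach ([BaseApi::SCOPE_READ, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_FOLLOW, BaseApi::SCOPE_PUSH] as $scope) {`. The body of the `if` and the enclosing method lie outside the hunk, so the exact consequence of the missing check should be confirmed against them.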