Issue 11101: Fix API authentification

src/Module/Api/Mastodon/Apps.php

@@ -26,12 +26,17 @@ use Friendica\Database\DBA;
 use Friendica\DI;
 use Friendica\Module\BaseApi;
 use Friendica\Util\Network;
+use Psr\Http\Message\ResponseInterface;
 
 /**
  * Apps class to register new OAuth clients
  */
 class Apps extends BaseApi
 {
+	public function run(array $request = [], bool $scopecheck = true): ResponseInterface
+	{
+		return parent::run($request, false);
+	}
 	/**
 	 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 	 */

src/Module/BaseApi.php

@@ -79,19 +79,21 @@ class BaseApi extends BaseModule
 	 *
 	 * @throws HTTPException\ForbiddenException
 	 */
-	public function run(array $request = []): ResponseInterface
+	public function run(array $request = [], bool $scopecheck = true): ResponseInterface
 	{
-		switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
+		if ($scopecheck) {
-			case Router::DELETE:
+			switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
-			case Router::PATCH:
+				case Router::DELETE:
-			case Router::POST:
+				case Router::PATCH:
-			case Router::PUT:
+				case Router::POST:
-				self::checkAllowedScope(self::SCOPE_WRITE);
+				case Router::PUT:
-
+					self::checkAllowedScope(self::SCOPE_WRITE);
-				if (!self::getCurrentUserID()) {
+	
-					throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
+					if (!self::getCurrentUserID()) {
-				}
+						throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
-				break;
+					}
+					break;
+			}	
 		}
 
 		return parent::run($request);