From 2ecc79754108bb19986f6af36264ca7fda6d9a5f Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Sun, 22 Jan 2023 11:25:31 +0000
Subject: [PATCH 1/2] API: Show different ids on reshares / don't check for
 client secret

---
 src/Factory/Api/Mastodon/Status.php | 12 ++++++++++++
 src/Module/OAuth/Token.php          |  3 ++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/Factory/Api/Mastodon/Status.php b/src/Factory/Api/Mastodon/Status.php
index 2e16660c76..b32a6c510f 100644
--- a/src/Factory/Api/Mastodon/Status.php
+++ b/src/Factory/Api/Mastodon/Status.php
@@ -97,17 +97,29 @@ class Status extends BaseFactory
 			throw new HTTPException\NotFoundException('Item with URI ID ' . $uriId . ' not found' . ($uid ? ' for user ' . $uid : '.'));
 		}
 
+		$activity_fields = ['uri-id', 'thr-parent-id', 'uri', 'author-id', 'author-uri-id', 'author-link', 'app', 'created', 'network', 'parent-author-id', 'private'];
+
 		if (($item['gravity'] == Item::GRAVITY_ACTIVITY) && ($item['vid'] == Verb::getID(Activity::ANNOUNCE))) {
 			$is_reshare = true;
 			$account    = $this->mstdnAccountFactory->createFromUriId($item['author-uri-id'], $uid);
 			$uriId      = $item['thr-parent-id'];
+			$activity   = $item;
 			$item       = Post::selectFirst($fields, ['uri-id' => $uriId, 'uid' => [0, $uid]], ['order' => ['uid' => true]]);
 			if (!$item) {
 				throw new HTTPException\NotFoundException('Item with URI ID ' . $uriId . ' not found' . ($uid ? ' for user ' . $uid : '.'));
 			}
+			foreach ($activity_fields as $field) {
+				$item[$field] = $activity[$field];
+			}
 		} else {
 			$is_reshare = $reblog && !is_null($item['causer-uri-id']) && ($item['causer-id'] != $item['author-id']) && ($item['post-reason'] == Item::PR_ANNOUNCEMENT);
 			$account    = $this->mstdnAccountFactory->createFromUriId($is_reshare ? $item['causer-uri-id'] : $item['author-uri-id'], $uid);
+			if ($is_reshare) {
+				$activity = Post::selectFirstPost($activity_fields, ['thr-parent-id' => $item['uri-id'], 'author-id' => $item['causer-id'], 'verb' => Activity::ANNOUNCE]);
+				if ($activity) {
+					$item = array_merge($item, $activity);
+				}
+			}
 		}
 
 		$count_announce = Post::countPosts([
diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php
index 7481bf75f5..2752c69a6d 100644
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
@@ -68,7 +68,8 @@ class Token extends BaseApi
 			}
 		}
 
-		if (empty($request['client_id']) || empty($request['client_secret'])) {
+		// "client_secret" is required for "client_credentials": https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/
+		if (empty($request['client_id']) || (($request['grant_type'] == 'client_credentials') && empty($request['client_secret']))) {
 			Logger::warning('Incomplete request data', ['request' => $request]);
 			DI::mstdnError()->Unauthorized('invalid_client', DI::l10n()->t('Incomplete request data'));
 		}

From 5a01fb05219b5fc5f041fc029038b32b3cdfbc08 Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Mon, 23 Jan 2023 17:56:45 +0000
Subject: [PATCH 2/2] Don't show reblogged on single post

---
 src/Module/Api/Mastodon/Statuses.php | 2 +-
 src/Module/OAuth/Token.php           | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/Module/Api/Mastodon/Statuses.php b/src/Module/Api/Mastodon/Statuses.php
index 4c161193e9..71681968db 100644
--- a/src/Module/Api/Mastodon/Statuses.php
+++ b/src/Module/Api/Mastodon/Statuses.php
@@ -295,7 +295,7 @@ class Statuses extends BaseApi
 			DI::mstdnError()->UnprocessableEntity();
 		}
 
-		System::jsonExit(DI::mstdnStatus()->createFromUriId($this->parameters['id'], $uid));
+		System::jsonExit(DI::mstdnStatus()->createFromUriId($this->parameters['id'], $uid, false));
 	}
 
 	private function getApp(): string
diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php
index 07f9bb8c63..ecb65048d0 100644
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
@@ -71,8 +71,7 @@ class Token extends BaseApi
 			}
 		}
 
-		// "client_secret" is required for "client_credentials": https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/
-		if (empty($request['client_id']) || (($request['grant_type'] == 'client_credentials') && empty($request['client_secret']))) {
+		if (empty($request['client_id']) || empty($request['client_secret'])) {
 			Logger::warning('Incomplete request data', ['request' => $request]);
 			DI::mstdnError()->Unauthorized('invalid_client', DI::l10n()->t('Incomplete request data'));
 		}