From 8b841dfa50a50a8676bb6a2a0824a4b48aa156b6 Mon Sep 17 00:00:00 2001
From: Michael
Date: Thu, 13 May 2021 22:00:40 +0000
Subject: [PATCH] Fix connection issues with AndStatus
---
 doc/API-Mastodon.md | 3 ++-
 src/Module/OAuth/Token.php | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/doc/API-Mastodon.md b/doc/API-Mastodon.md
index 18af62be68..09cf169e2b 100644
--- a/doc/API-Mastodon.md
+++ b/doc/API-Mastodon.md
@@ -16,12 +16,13 @@ Supported mobile apps:
 - Tusky
 - Husky
 - twitlatte
+- AndStatus
+- Twidere
 Unsupported mobile apps:
 - [Subway Tooter](https://github.com/tateisu/SubwayTooter) Uses the wrong grant_type when requesting a token, possibly a problem in the server type detection of the app. See issue https://github.com/tateisu/SubwayTooter/issues/156
 - [Mammut](https://github.com/jamiesanson/Mammut) States that the instance doesn't exist. Most likely an issue in the vitality check of the app, see issue https://github.com/jamiesanson/Mammut/issues/19
-- [AndStatus](https://github.com/andstatus/andstatus) Doesn't provide all data at token request, see issue https://github.com/andstatus/andstatus/issues/537
 - [Fedilab](https://framagit.org/tom79/fedilab) Automatically uses the legacy API, see issue: https://framagit.org/tom79/fedilab/-/issues/520
 ## Entities
diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php
index c3aaac6d1e..0a1a32b744 100644
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
@@ -41,6 +41,15 @@ class Token extends BaseApi
 $client_id = $_REQUEST['client_id'] ?? '';
 $client_secret = $_REQUEST['client_secret'] ?? '';
+ // AndStatus transmits the client data in the AUTHORIZATION header field, see https://github.com/andstatus/andstatus/issues/530
+ if (empty($client_id) && !empty($_SERVER['HTTP_AUTHORIZATION']) && (substr($_SERVER['HTTP_AUTHORIZATION'], 0, 6) == 'Basic ')) {
+ $datapair = explode(':', base64_decode(trim(substr($_SERVER['HTTP_AUTHORIZATION'], 6))));
+ if (count($datapair) == 2) {
+ $client_id = $datapair[0];
+ $client_secret = $datapair[1];
+ }
+ }
+
 if ($grant_type != 'authorization_code') {
 Logger::warning('Unsupported or missing grant type', ['request' => $_REQUEST]);
 DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Unsupported or missing grant type'));
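Review bot: The Basic-credential parsing in the added block is looser than the header format allows. `explode(':', …)` has no limit, so a client secret containing a colon yields more than two parts and the `count($datapair) == 2` check silently discards the credentials. `base64_decode()` also runs in non-strict mode, so malformed input is decoded after dropping invalid characters instead of being rejected. I would change the line to `$datapair = explode(':', (string)base64_decode(trim(substr($_SERVER['HTTP_AUTHORIZATION'], 6)), true), 2);` and match the scheme case-insensitively with `strncasecmp($_SERVER['HTTP_AUTHORIZATION'], 'Basic ', 6) === 0`. The rest of the method, including how `$client_id` and `$client_secret` are verified, is outside the hunk, so whether an empty pair fails closed cannot be confirmed from here.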