From 47e9aa6338f98519cb677630b8c7f0ee101d1723 Mon Sep 17 00:00:00 2001
From: Michael
Date: Fri, 17 Dec 2021 15:25:04 +0000
Subject: [PATCH 1/3] API: Fix for OAuth endpoints that mustn't be authorized

---
 src/Module/Api/Mastodon/Apps.php | 1 +
 src/Module/OAuth/Acknowledge.php | 6 ++++++
 src/Module/OAuth/Revoke.php | 6 ++++++
 src/Module/OAuth/Token.php | 6 ++++++
 4 files changed, 19 insertions(+)

diff --git a/src/Module/Api/Mastodon/Apps.php b/src/Module/Api/Mastodon/Apps.php
index 582232642..c1e6a222d 100644
--- a/src/Module/Api/Mastodon/Apps.php
+++ b/src/Module/Api/Mastodon/Apps.php
@@ -37,6 +37,7 @@ class Apps extends BaseApi
 {
 return parent::run($request, false);
 }
+
 /**
 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 */
diff --git a/src/Module/OAuth/Acknowledge.php b/src/Module/OAuth/Acknowledge.php
index 477d3dfcf..b06fa9f23 100644
--- a/src/Module/OAuth/Acknowledge.php
+++ b/src/Module/OAuth/Acknowledge.php
@@ -24,12 +24,18 @@ namespace Friendica\Module\OAuth;
 use Friendica\Core\Renderer;
 use Friendica\DI;
 use Friendica\Module\BaseApi;
+use Psr\Http\Message\ResponseInterface;
 /**
 * Acknowledgement of OAuth requests
 */
 class Acknowledge extends BaseApi
 {
+ public function run(array $request = [], bool $scopecheck = true): ResponseInterface
+ {
+ return parent::run($request, false);
+ }
+
 protected function post(array $request = [])
 {
 DI::session()->set('oauth_acknowledge', true);
diff --git a/src/Module/OAuth/Revoke.php b/src/Module/OAuth/Revoke.php
index 86bc01ced..525fdd97e 100644
--- a/src/Module/OAuth/Revoke.php
+++ b/src/Module/OAuth/Revoke.php
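Review bot: The new `run()` override in `Acknowledge` hard-codes `parent::run($request, false)` with no comment saying why the scope check is switched off, and the same undocumented override is repeated in the `Revoke` and `Token` hunks. What `BaseApi::run()` skips when its second argument is `false` is not visible in this patch, so a reader cannot tell which checks each `post()` now has to perform on its own; for `Revoke` and `Token` that presumably means validating the client credentials and the submitted token or code inside `post()`, whose body continues outside each hunk. I would add a docblock on each override such as `/** Called before an access token exists, so BaseApi's scope check is skipped; post() must validate the client itself. */`. The override also silently discards a caller-supplied `$scopecheck`, which is worth stating in the same comment.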
@@ -26,12 +26,18 @@ use Friendica\Core\System;
 use Friendica\Database\DBA;
 use Friendica\DI;
 use Friendica\Module\BaseApi;
+use Psr\Http\Message\ResponseInterface;
 /**
 * @see https://docs.joinmastodon.org/spec/oauth/
 */
 class Revoke extends BaseApi
 {
+ public function run(array $request = [], bool $scopecheck = true): ResponseInterface
+ {
+ return parent::run($request, false);
+ }
+
 protected function post(array $request = [])
 {
 $request = $this->getRequest([
diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php
index efd4000f6..1790b887d 100644
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
@@ -28,6 +28,7 @@ use Friendica\DI;
 use Friendica\Module\BaseApi;
 use Friendica\Security\OAuth;
 use Friendica\Util\DateTimeFormat;
+use Psr\Http\Message\ResponseInterface;
 /**
 * @see https://docs.joinmastodon.org/spec/oauth/
@@ -35,6 +36,11 @@ use Friendica\Util\DateTimeFormat;
 */
 class Token extends BaseApi
 {
+ public function run(array $request = [], bool $scopecheck = true): ResponseInterface
+ {
+ return parent::run($request, false);
+ }
+
 protected function post(array $request = [])
 {
 $request = $this->getRequest([
From 11e8ae52e00740fbbe0089b9ed633a80e1f6761a Mon Sep 17 00:00:00 2001
From: Michael
Date: Sat, 18 Dec 2021 09:59:30 +0000
Subject: [PATCH 2/3] Issue 11109: Fix server detection

---
 src/Model/GServer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Model/GServer.php b/src/Model/GServer.php
index af0304149..d133d7f18 100644
--- a/src/Model/GServer.php
+++ b/src/Model/GServer.php
@@ -349,7 +349,7 @@ class GServer
 }
 // On a redirect follow the new host but mark the old one as failure
- if ($curlResult->isSuccess() && (parse_url($url, PHP_URL_HOST) != parse_url($curlResult->getRedirectUrl(), PHP_URL_HOST))) {
+ if ($curlResult->isSuccess() && !empty($curlResult->getRedirectUrl()) && (parse_url($url, PHP_URL_HOST) != parse_url($curlResult->getRedirectUrl(), PHP_URL_HOST))) {
 $curlResult = DI::httpClient()->get($url, [HttpClientOptions::TIMEOUT => $xrd_timeout]);
 if (parse_url($url, PHP_URL_HOST) != parse_url($curlResult->getRedirectUrl(), PHP_URL_HOST)) {
 Logger::info('Found redirect. Mark old entry as failure', ['old' => $url, 'new' => $curlResult->getRedirectUrl()]);
From 3c2e1db19fe0b25f797d87b62a81d7e963277725 Mon Sep 17 00:00:00 2001
From: Michael
Date: Sat, 18 Dec 2021 10:07:16 +0000
Subject: [PATCH 3/3] Don't compare with an empty redirect url

---
 src/Model/GServer.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Model/GServer.php b/src/Model/GServer.php
index d133d7f18..57b533a93 100644
--- a/src/Model/GServer.php
+++ b/src/Model/GServer.php
@@ -351,7 +351,7 @@ class GServer
 // On a redirect follow the new host but mark the old one as failure
 if ($curlResult->isSuccess() && !empty($curlResult->getRedirectUrl()) && (parse_url($url, PHP_URL_HOST) != parse_url($curlResult->getRedirectUrl(), PHP_URL_HOST))) {
 $curlResult = DI::httpClient()->get($url, [HttpClientOptions::TIMEOUT => $xrd_timeout]);
- if (parse_url($url, PHP_URL_HOST) != parse_url($curlResult->getRedirectUrl(), PHP_URL_HOST)) {
+ if (!empty($curlResult->getRedirectUrl()) && parse_url($url, PHP_URL_HOST) != parse_url($curlResult->getRedirectUrl(), PHP_URL_HOST)) {
 Logger::info('Found redirect. Mark old entry as failure', ['old' => $url, 'new' => $curlResult->getRedirectUrl()]);
 self::setFailure($url);
 self::detect($curlResult->getRedirectUrl(), $network, $only_nodeinfo);
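Review bot: The added `!empty($curlResult->getRedirectUrl())` guard in the outer `if` only rules out an empty value. If `getRedirectUrl()` can return a relative or malformed URL (not visible here), `parse_url(..., PHP_URL_HOST)` yields no host, the loose `!=` still reports a difference, and the old entry is marked as failed. The redirect target comes from the remote server's response and is later handed to `self::detect()`, so I would extract the host once with `$redirectHost = parse_url($curlResult->getRedirectUrl(), PHP_URL_HOST);` and test `!empty($redirectHost) && strcasecmp((string)parse_url($url, PHP_URL_HOST), $redirectHost) !== 0`. The case-insensitive compare also stops a differently-cased host name from counting as a redirect. The same condition appears in both hunks of PATCH 3/3 (at -351 and -388), and the enclosing method starts and ends outside all three hunks.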
@@ -388,7 +388,7 @@ class GServer
 $curlResult = DI::httpClient()->get($baseurl, [HttpClientOptions::TIMEOUT => $xrd_timeout]);
 if ($curlResult->isSuccess()) {
- if ((parse_url($baseurl, PHP_URL_HOST) != parse_url($curlResult->getRedirectUrl(), PHP_URL_HOST))) {
+ if (!empty($curlResult->getRedirectUrl()) && (parse_url($baseurl, PHP_URL_HOST) != parse_url($curlResult->getRedirectUrl(), PHP_URL_HOST))) {
 Logger::info('Found redirect. Mark old entry as failure', ['old' => $url, 'new' => $curlResult->getRedirectUrl()]);
 self::setFailure($url);
 self::detect($curlResult->getRedirectUrl(), $network, $only_nodeinfo);