tobias/friendica
1
0
Fork 0
Code Pull requests Activity

API: Parameter cleanup

Browse source
This commit is contained in:
Michael 2021-05-19 06:18:42 +00:00
parent 453e6a9d75
commit e3d227f3c9
22 changed files with 147 additions and 80 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/Module/Api/Friendica/Events/Index.php
View file

@ -39,11 +39,13 @@ class Index extends BaseApi
throw new HTTPException\ForbiddenException(); throw new HTTPException\ForbiddenException();
} }
$since_id = $_REQUEST['since_id'] ?? 0; $request = self::getRequest([
$count = $_REQUEST['count'] ?? 20; 'since_id' => 0,
'count' => 0,
]);
$condition = ["`id` > ? AND `uid` = ?", $since_id, self::$current_user_id]; $condition = ["`id` > ? AND `uid` = ?", $request['since_id'], self::$current_user_id];
$params = ['limit' => $count]; $params = ['limit' => $request['count']];
$events = DBA::selectToArray('event', [], $condition, $params); $events = DBA::selectToArray('event', [], $condition, $params);
$items = []; $items = [];

2
src/Module/Api/Mastodon/Accounts/Followers.php
View file

@ -49,6 +49,8 @@ class Followers extends BaseApi
DI::mstdnError()->RecordNotFound(); DI::mstdnError()->RecordNotFound();
} }
// @todo provide HTTP link header
$request = self::getRequest([ $request = self::getRequest([
'max_id' => 0, // Return results older than this id 'max_id' => 0, // Return results older than this id
'since_id' => 0, // Return results newer than this id 'since_id' => 0, // Return results newer than this id

4
src/Module/Api/Mastodon/Accounts/Following.php
View file

@ -49,10 +49,12 @@ class Following extends BaseApi
DI::mstdnError()->RecordNotFound(); DI::mstdnError()->RecordNotFound();
} }
// @todo provide HTTP link header
$request = self::getRequest([ $request = self::getRequest([
'max_id' => 0, // Return results older than this id 'max_id' => 0, // Return results older than this id
'since_id' => 0, // Return results newer than this id 'since_id' => 0, // Return results newer than this id
'limit' => 20, // Maximum number of results to return. Defaults to 20. 'limit' => 40, // Maximum number of results to return. Defaults to 40.
]); ]);
$params = ['order' => ['relation-cid' => true], 'limit' => $request['limit']]; $params = ['order' => ['relation-cid' => true], 'limit' => $request['limit']];

6
src/Module/Api/Mastodon/Accounts/Note.php
View file

@ -41,12 +41,16 @@ class Note extends BaseApi
DI::mstdnError()->UnprocessableEntity(); DI::mstdnError()->UnprocessableEntity();
} }
$request = self::getRequest([
'comment' => '',
]);
$cdata = Contact::getPublicAndUserContacID($parameters['id'], $uid); $cdata = Contact::getPublicAndUserContacID($parameters['id'], $uid);
if (empty($cdata['user'])) { if (empty($cdata['user'])) {
DI::mstdnError()->RecordNotFound(); DI::mstdnError()->RecordNotFound();
} }
DBA::update('contact', ['info' => $_REQUEST['comment'] ?? ''], ['id' => $cdata['user']]); DBA::update('contact', ['info' => $request['comment']], ['id' => $cdata['user']]);
System::jsonExit(DI::mstdnRelationship()->createFromContactId($parameters['id'], $uid)->toArray()); System::jsonExit(DI::mstdnRelationship()->createFromContactId($parameters['id'], $uid)->toArray());
} }

8
src/Module/Api/Mastodon/Accounts/Relationships.php
View file

@ -40,13 +40,17 @@ class Relationships extends BaseApi
self::login(self::SCOPE_READ); self::login(self::SCOPE_READ);
$uid = self::getCurrentUserID(); $uid = self::getCurrentUserID();
if (empty($_REQUEST['id']) || !is_array($_REQUEST['id'])) { $request = self::getRequest([
'id' => [],
]);
if (empty($request['id']) || !is_array($request['id'])) {
DI::mstdnError()->UnprocessableEntity(); DI::mstdnError()->UnprocessableEntity();
} }
$relationsships = []; $relationsships = [];
foreach ($_REQUEST['id'] as $id) { foreach ($request['id'] as $id) {
$relationsships[] = DI::mstdnRelationship()->createFromContactId($id, $uid); $relationsships[] = DI::mstdnRelationship()->createFromContactId($id, $uid);
} }

4
src/Module/Api/Mastodon/Accounts/Statuses.php
View file

@ -59,7 +59,9 @@ class Statuses extends BaseApi
'limit' => 20, // Maximum number of results to return. Defaults to 20. 'limit' => 20, // Maximum number of results to return. Defaults to 20.
'pinned' => false, // Only pinned posts 'pinned' => false, // Only pinned posts
'exclude_replies' => false, // Don't show comments 'exclude_replies' => false, // Don't show comments
'with_muted' => false, // Unknown parameter 'with_muted' => false, // Pleroma extension: return activities by muted (not by blocked!) users.
'exclude_reblogs' => false, // Undocumented parameter
'tagged' => false, // Undocumented parameter
]); ]);
$params = ['order' => ['uri-id' => true], 'limit' => $request['limit']]; $params = ['order' => ['uri-id' => true], 'limit' => $request['limit']];

2
src/Module/Api/Mastodon/Blocks.php
View file

@ -49,6 +49,8 @@ class Blocks extends BaseApi
DI::mstdnError()->RecordNotFound(); DI::mstdnError()->RecordNotFound();
} }
// @todo provide HTTP link header
$request = self::getRequest([ $request = self::getRequest([
'max_id' => 0, // Return results older than this id 'max_id' => 0, // Return results older than this id
'since_id' => 0, // Return results newer than this id 'since_id' => 0, // Return results newer than this id

10
src/Module/Api/Mastodon/Bookmarks.php
View file

@ -43,11 +43,11 @@ class Bookmarks extends BaseApi
$uid = self::getCurrentUserID(); $uid = self::getCurrentUserID();
$request = self::getRequest([ $request = self::getRequest([
'limit' => 20, // Maximum number of results to return. Defaults to 20. 'limit' => 20, // Maximum number of results to return. Defaults to 20.
'max_id' => 0, // Return results older than id 'max_id' => 0, // Return results older than id
'since_id' => 0, // Return results newer than id 'since_id' => 0, // Return results newer than id
'min_id' => 0, // Return results immediately newer than id 'min_id' => 0, // Return results immediately newer than id
'with_muted' => false, // Unknown parameter 'with_muted' => false, // Pleroma extension: return activities by muted (not by blocked!) users.
]); ]);
$params = ['order' => ['uri-id' => true], 'limit' => $request['limit']]; $params = ['order' => ['uri-id' => true], 'limit' => $request['limit']];

4
src/Module/Api/Mastodon/Favourited.php
View file

@ -43,11 +43,13 @@ class Favourited extends BaseApi
self::login(self::SCOPE_READ); self::login(self::SCOPE_READ);
$uid = self::getCurrentUserID(); $uid = self::getCurrentUserID();
// @todo provide HTTP link header
$request = self::getRequest([ $request = self::getRequest([
'limit' => 20, // Maximum number of results to return. Defaults to 20. 'limit' => 20, // Maximum number of results to return. Defaults to 20.
'min_id' => 0, // Return results immediately newer than id 'min_id' => 0, // Return results immediately newer than id
'max_id' => 0, // Return results older than id 'max_id' => 0, // Return results older than id
'with_muted' => false, // Unknown parameter 'with_muted' => false, // Pleroma extension: return activities by muted (not by blocked!) users.
]); ]);
$params = ['order' => ['thr-parent-id' => true], 'limit' => $request['limit']]; $params = ['order' => ['thr-parent-id' => true], 'limit' => $request['limit']];

11
src/Module/Api/Mastodon/Lists.php
View file

@ -57,15 +57,18 @@ class Lists extends BaseApi
self::login(self::SCOPE_WRITE); self::login(self::SCOPE_WRITE);
$uid = self::getCurrentUserID(); $uid = self::getCurrentUserID();
$title = $_REQUEST['title'] ?? '';
if (empty($title)) { $request = self::getRequest([
'title' => '',
]);
if (empty($request['title'])) {
DI::mstdnError()->UnprocessableEntity(); DI::mstdnError()->UnprocessableEntity();
} }
Group::create($uid, $title); Group::create($uid, $request['title']);
$id = Group::getIdByName($uid, $title); $id = Group::getIdByName($uid, $request['title']);
if (!$id) { if (!$id) {
DI::mstdnError()->InternalError(); DI::mstdnError()->InternalError();
} }

4
src/Module/Api/Mastodon/Lists/Accounts.php
View file

@ -27,7 +27,7 @@ use Friendica\DI;
use Friendica\Module\BaseApi; use Friendica\Module\BaseApi;
/** /**
* @see https://docs.joinmastodon.org/methods/timelines/lists/ * @see https://docs.joinmastodon.org/methods/timelines/lists/#accounts-in-a-list
* *
* Currently the output will be unordered since we use public contact ids in the api and not user contact ids. * Currently the output will be unordered since we use public contact ids in the api and not user contact ids.
*/ */
@ -61,6 +61,8 @@ class Accounts extends BaseApi
DI::mstdnError()->RecordNotFound(); DI::mstdnError()->RecordNotFound();
} }
// @todo provide HTTP link header
$request = self::getRequest([ $request = self::getRequest([
'max_id' => 0, // Return results older than this id 'max_id' => 0, // Return results older than this id
'since_id' => 0, // Return results newer than this id 'since_id' => 0, // Return results newer than this id

2
src/Module/Api/Mastodon/Mutes.php
View file

@ -49,6 +49,8 @@ class Mutes extends BaseApi
DI::mstdnError()->RecordNotFound(); DI::mstdnError()->RecordNotFound();
} }
// @todo provide HTTP link header
$request = self::getRequest([ $request = self::getRequest([
'max_id' => 0, // Return results older than this id 'max_id' => 0, // Return results older than this id
'since_id' => 0, // Return results newer than this id 'since_id' => 0, // Return results newer than this id

2
src/Module/Api/Mastodon/Notifications.php
View file

@ -57,7 +57,7 @@ class Notifications extends BaseApi
'limit' => 20, // Maximum number of results to return (default 20) 'limit' => 20, // Maximum number of results to return (default 20)
'exclude_types' => [], // Array of types to exclude (follow, favourite, reblog, mention, poll, follow_request) 'exclude_types' => [], // Array of types to exclude (follow, favourite, reblog, mention, poll, follow_request)
'account_id' => 0, // Return only notifications received from this account 'account_id' => 0, // Return only notifications received from this account
'with_muted' => false, // Unknown parameter 'with_muted' => false, // Pleroma extension: return activities by muted (not by blocked!) users.
'count' => 0, // Unknown parameter 'count' => 0, // Unknown parameter
]); ]);

4
src/Module/Api/Mastodon/Search.php
View file

@ -55,8 +55,8 @@ class Search extends BaseApi
'q' => '', // The search query 'q' => '', // The search query
'resolve' => false, // Attempt WebFinger lookup. Defaults to false. 'resolve' => false, // Attempt WebFinger lookup. Defaults to false.
'limit' => 20, // Maximum number of results to load, per type. Defaults to 20. Max 40. 'limit' => 20, // Maximum number of results to load, per type. Defaults to 20. Max 40.
'offset' => 0, // Maximum number of results to load, per type. Defaults to 20. Max 40. 'offset' => 0, // Offset in search results. Used for pagination. Defaults to 0.
'following' => false, // Only who the user is following. Defaults to false. 'following' => false, // Only include accounts that the user is following. Defaults to false.
]); ]);
if (empty($request['q'])) { if (empty($request['q'])) {

7
src/Module/Api/Mastodon/Suggestions.php
View file

@ -40,10 +40,11 @@ class Suggestions extends BaseApi
self::login(self::SCOPE_READ); self::login(self::SCOPE_READ);
$uid = self::getCurrentUserID(); $uid = self::getCurrentUserID();
// Maximum number of results to return. Defaults to 40. $request = self::getRequest([
$limit = (int)!isset($_REQUEST['limit']) ? 40 : $_REQUEST['limit']; 'limit' => 40, // Maximum number of results to return. Defaults to 40.
]);
$suggestions = Contact\Relation::getSuggestions($uid, 0, $limit); $suggestions = Contact\Relation::getSuggestions($uid, 0, $request['limit']);
$accounts = []; $accounts = [];

20
src/Module/Api/Mastodon/Timelines/Home.php
View file

@ -47,8 +47,11 @@ class Home extends BaseApi
'since_id' => 0, // Return results newer than id 'since_id' => 0, // Return results newer than id
'min_id' => 0, // Return results immediately newer than id 'min_id' => 0, // Return results immediately newer than id
'limit' => 20, // Maximum number of results to return. Defaults to 20. 'limit' => 20, // Maximum number of results to return. Defaults to 20.
'local' => false, // Return only local statuses? Defaults to false. 'local' => false, // Return only local statuses?
'with_muted' => false, // Unknown parameter 'with_muted' => false, // Pleroma extension: return activities by muted (not by blocked!) users.
'only_media' => false, // Show only statuses with media attached? Defaults to false.
'local' => false, // Show only local statuses? Defaults to false.
'remote' => false, // Show only remote statuses? Defaults to false.
]); ]);
$params = ['order' => ['uri-id' => true], 'limit' => $request['limit']]; $params = ['order' => ['uri-id' => true], 'limit' => $request['limit']];
@ -73,6 +76,19 @@ class Home extends BaseApi
$params['order'] = ['uri-id']; $params['order'] = ['uri-id'];
} }
if ($request['only_media']) {
$condition = DBA::mergeConditions($condition, ["`uri-id` IN (SELECT `uri-id` FROM `post-media` WHERE `type` IN (?, ?, ?))",
Post\Media::AUDIO, Post\Media::IMAGE, Post\Media::VIDEO]);
}
if ($request['local']) {
$condition = DBA::mergeConditions($condition, ["`uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin`)"]);
}
if ($request['remote']) {
$condition = DBA::mergeConditions($condition, ["NOT `uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin`)"]);
}
$items = Post::selectForUser($uid, ['uri-id'], $condition, $params); $items = Post::selectForUser($uid, ['uri-id'], $condition, $params);
$statuses = []; $statuses = [];

20
src/Module/Api/Mastodon/Timelines/ListTimeline.php
View file

@ -50,8 +50,11 @@ class ListTimeline extends BaseApi
'max_id' => 0, // Return results older than id 'max_id' => 0, // Return results older than id
'since_id' => 0, // Return results newer than id 'since_id' => 0, // Return results newer than id
'min_id' => 0, // Return results immediately newer than id 'min_id' => 0, // Return results immediately newer than id
'limit' => 20, // Maximum number of results to return. Defaults to 20. 'limit' => 20, // Maximum number of results to return. Defaults to 20.Return results older than this ID.
'with_muted' => false, // Unknown parameter 'with_muted' => false, // Pleroma extension: return activities by muted (not by blocked!) users.
'only_media' => false, // Show only statuses with media attached? Defaults to false.
'local' => false, // Show only local statuses? Defaults to false.
'remote' => false, // Show only remote statuses? Defaults to false.
]); ]);
$params = ['order' => ['uri-id' => true], 'limit' => $request['limit']]; $params = ['order' => ['uri-id' => true], 'limit' => $request['limit']];
@ -73,6 +76,19 @@ class ListTimeline extends BaseApi
$params['order'] = ['uri-id']; $params['order'] = ['uri-id'];
} }
if ($request['only_media']) {
$condition = DBA::mergeConditions($condition, ["`uri-id` IN (SELECT `uri-id` FROM `post-media` WHERE `type` IN (?, ?, ?))",
Post\Media::AUDIO, Post\Media::IMAGE, Post\Media::VIDEO]);
}
if ($request['local']) {
$condition = DBA::mergeConditions($condition, ["`uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin`)"]);
}
if ($request['remote']) {
$condition = DBA::mergeConditions($condition, ["NOT `uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin`)"]);
}
$items = Post::selectForUser($uid, ['uri-id'], $condition, $params); $items = Post::selectForUser($uid, ['uri-id'], $condition, $params);
$statuses = []; $statuses = [];

2
src/Module/Api/Mastodon/Timelines/PublicTimeline.php
View file

@ -49,7 +49,7 @@ class PublicTimeline extends BaseApi
'since_id' => 0, // Return results newer than this id 'since_id' => 0, // Return results newer than this id
'min_id' => 0, // Return results immediately newer than this id 'min_id' => 0, // Return results immediately newer than this id
'limit' => 20, // Maximum number of results to return. Defaults to 20. 'limit' => 20, // Maximum number of results to return. Defaults to 20.
'with_muted' => false, // Unknown parameter 'with_muted' => false, // Pleroma extension: return activities by muted (not by blocked!) users.
]); ]);
$params = ['order' => ['uri-id' => true], 'limit' => $request['limit']]; $params = ['order' => ['uri-id' => true], 'limit' => $request['limit']];

46
src/Module/Api/Mastodon/Timelines/Tag.php
View file

@ -47,44 +47,46 @@ class Tag extends BaseApi
DI::mstdnError()->UnprocessableEntity(); DI::mstdnError()->UnprocessableEntity();
} }
// If true, return only local statuses. Defaults to false. $request = self::getRequest([
$local = (bool)!isset($_REQUEST['local']) ? false : ($_REQUEST['local'] == 'true'); 'local' => false, // If true, return only local statuses. Defaults to false.
// If true, return only statuses with media attachments. Defaults to false. 'remote' => false, // Show only remote statuses? Defaults to false.
$only_media = (bool)!isset($_REQUEST['only_media']) ? false : ($_REQUEST['only_media'] == 'true'); 'only_media' => false, // If true, return only statuses with media attachments. Defaults to false.
// Return results older than this ID. 'max_id' => 0, // Return results older than this ID.
$max_id = (int)!isset($_REQUEST['max_id']) ? 0 : $_REQUEST['max_id']; 'since_id' => 0, // Return results newer than this ID.
// Return results newer than this ID. 'min_id' => 0, // Return results immediately newer than this ID.
$since_id = (int)!isset($_REQUEST['since_id']) ? 0 : $_REQUEST['since_id']; 'limit' => 20, // Maximum number of results to return. Defaults to 20.
// Return results immediately newer than this ID. 'with_muted' => false, // Pleroma extension: return activities by muted (not by blocked!) users.
$min_id = (int)!isset($_REQUEST['min_id']) ? 0 : $_REQUEST['min_id']; ]);
// Maximum number of results to return. Defaults to 20.
$limit = (int)!isset($_REQUEST['limit']) ? 20 : $_REQUEST['limit'];
$params = ['order' => ['uri-id' => true], 'limit' => $limit]; $params = ['order' => ['uri-id' => true], 'limit' => $request['limit']];
$condition = ["`name` = ? AND (`uid` = ? OR (`uid` = ? AND NOT `global`)) $condition = ["`name` = ? AND (`uid` = ? OR (`uid` = ? AND NOT `global`))
AND (`network` IN (?, ?, ?, ?) OR (`uid` = ? AND `uid` != ?))", AND (`network` IN (?, ?, ?, ?) OR (`uid` = ? AND `uid` != ?))",
$parameters['hashtag'], 0, $uid, Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::DIASPORA, Protocol::OSTATUS, $uid, 0]; $parameters['hashtag'], 0, $uid, Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::DIASPORA, Protocol::OSTATUS, $uid, 0];
if ($local) { if ($request['local']) {
$condition = DBA::mergeConditions($condition, ["`uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin`)"]); $condition = DBA::mergeConditions($condition, ["`uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin`)"]);
} }
if ($only_media) { if ($request['remote']) {
$condition = DBA::mergeConditions($condition, ["NOT `uri-id` IN (SELECT `uri-id` FROM `post-user` WHERE `origin`)"]);
}
if ($request['only_media']) {
$condition = DBA::mergeConditions($condition, ["`uri-id` IN (SELECT `uri-id` FROM `post-media` WHERE `type` IN (?, ?, ?))", $condition = DBA::mergeConditions($condition, ["`uri-id` IN (SELECT `uri-id` FROM `post-media` WHERE `type` IN (?, ?, ?))",
Post\Media::AUDIO, Post\Media::IMAGE, Post\Media::VIDEO]); Post\Media::AUDIO, Post\Media::IMAGE, Post\Media::VIDEO]);
} }
if (!empty($max_id)) { if (!empty($request['max_id'])) {
$condition = DBA::mergeConditions($condition, ["`uri-id` < ?", $max_id]); $condition = DBA::mergeConditions($condition, ["`uri-id` < ?", $request['max_id']]);
} }
if (!empty($since_id)) { if (!empty($request['since_id'])) {
$condition = DBA::mergeConditions($condition, ["`uri-id` > ?", $since_id]); $condition = DBA::mergeConditions($condition, ["`uri-id` > ?", $request['since_id']]);
} }
if (!empty($min_id)) { if (!empty($request['min_id'])) {
$condition = DBA::mergeConditions($condition, ["`uri-id` > ?", $min_id]); $condition = DBA::mergeConditions($condition, ["`uri-id` > ?", $request['min_id']]);
$params['order'] = ['uri-id']; $params['order'] = ['uri-id'];
} }
@ -97,7 +99,7 @@ class Tag extends BaseApi
} }
DBA::close($items); DBA::close($items);
if (!empty($min_id)) { if (!empty($request['min_id'])) {
array_reverse($statuses); array_reverse($statuses);
} }

7
src/Module/Api/Mastodon/Trends.php
View file

@ -37,8 +37,9 @@ class Trends extends BaseApi
*/ */
public static function rawContent(array $parameters = []) public static function rawContent(array $parameters = [])
{ {
// Maximum number of results to return. Defaults to 10. $request = self::getRequest([
$limit = (int)!isset($_REQUEST['limit']) ? 10 : $_REQUEST['limit']; 'limit' => 20, // Maximum number of results to return. Defaults to 10.
]);
$trending = []; $trending = [];
$tags = Tag::getGlobalTrendingHashtags(24, 20); $tags = Tag::getGlobalTrendingHashtags(24, 20);
@ -48,6 +49,6 @@ class Trends extends BaseApi
$trending[] = $hashtag->toArray(); $trending[] = $hashtag->toArray();
} }
System::jsonExit(array_slice($trending, 0, $limit)); System::jsonExit(array_slice($trending, 0, $request['limit']));
} }
} }

24
src/Module/OAuth/Authorize.php
View file

@ -37,24 +37,26 @@ class Authorize extends BaseApi
*/ */
public static function rawContent(array $parameters = []) public static function rawContent(array $parameters = [])
{ {
$response_type = $_REQUEST['response_type'] ?? ''; $request = self::getRequest([
$client_id = $_REQUEST['client_id'] ?? ''; 'response_type' => '',
$client_secret = $_REQUEST['client_secret'] ?? ''; // Isn't normally provided. We will use it if present. 'client_id' => '',
$redirect_uri = $_REQUEST['redirect_uri'] ?? ''; 'client_secret' => '', // Isn't normally provided. We will use it if present.
$scope = $_REQUEST['scope'] ?? 'read'; 'redirect_uri' => '',
$state = $_REQUEST['state'] ?? ''; 'scope' => 'read',
'state' => '',
]);
if ($response_type != 'code') { if ($request['response_type'] != 'code') {
Logger::warning('Unsupported or missing response type', ['request' => $_REQUEST]); Logger::warning('Unsupported or missing response type', ['request' => $_REQUEST]);
DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Unsupported or missing response type')); DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Unsupported or missing response type'));
} }
if (empty($client_id) || empty($redirect_uri)) { if (empty($request['client_id']) || empty($request['redirect_uri'])) {
Logger::warning('Incomplete request data', ['request' => $_REQUEST]); Logger::warning('Incomplete request data', ['request' => $_REQUEST]);
DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Incomplete request data')); DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Incomplete request data'));
} }
$application = self::getApplication($client_id, $client_secret, $redirect_uri); $application = self::getApplication($request['client_id'], $request['client_secret'], $request['redirect_uri']);
if (empty($application)) { if (empty($application)) {
DI::mstdnError()->UnprocessableEntity(); DI::mstdnError()->UnprocessableEntity();
} }
@ -80,11 +82,11 @@ class Authorize extends BaseApi
DI::session()->remove('oauth_acknowledge'); DI::session()->remove('oauth_acknowledge');
$token = self::createTokenForUser($application, $uid, $scope); $token = self::createTokenForUser($application, $uid, $request['scope']);
if (!$token) { if (!$token) {
DI::mstdnError()->UnprocessableEntity(); DI::mstdnError()->UnprocessableEntity();
} }
DI::app()->redirect($application['redirect_uri'] . (strpos($application['redirect_uri'], '?') ? '&' : '?') . http_build_query(['code' => $token['code'], 'state' => $state])); DI::app()->redirect($application['redirect_uri'] . (strpos($application['redirect_uri'], '?') ? '&' : '?') . http_build_query(['code' => $token['code'], 'state' => $request['state']]));
} }
} }

28
src/Module/OAuth/Token.php
View file

@ -35,39 +35,41 @@ class Token extends BaseApi
{ {
public static function post(array $parameters = []) public static function post(array $parameters = [])
{ {
$grant_type = $_REQUEST['grant_type'] ?? ''; $request = self::getRequest([
$code = $_REQUEST['code'] ?? ''; 'grant_type' => '',
$redirect_uri = $_REQUEST['redirect_uri'] ?? ''; 'code' => '',
$client_id = $_REQUEST['client_id'] ?? ''; 'redirect_uri' => '',
$client_secret = $_REQUEST['client_secret'] ?? ''; 'client_id' => '',
'client_secret' => '',
]);
// AndStatus transmits the client data in the AUTHORIZATION header field, see https://github.com/andstatus/andstatus/issues/530 // AndStatus transmits the client data in the AUTHORIZATION header field, see https://github.com/andstatus/andstatus/issues/530
if (empty($client_id) && !empty($_SERVER['HTTP_AUTHORIZATION']) && (substr($_SERVER['HTTP_AUTHORIZATION'], 0, 6) == 'Basic ')) { if (empty($request['client_id']) && !empty($_SERVER['HTTP_AUTHORIZATION']) && (substr($_SERVER['HTTP_AUTHORIZATION'], 0, 6) == 'Basic ')) {
$datapair = explode(':', base64_decode(trim(substr($_SERVER['HTTP_AUTHORIZATION'], 6)))); $datapair = explode(':', base64_decode(trim(substr($_SERVER['HTTP_AUTHORIZATION'], 6))));
if (count($datapair) == 2) { if (count($datapair) == 2) {
$client_id = $datapair[0]; $request['client_id'] = $datapair[0];
$client_secret = $datapair[1]; $request['client_secret'] = $datapair[1];
} }
} }
if (empty($client_id) || empty($client_secret)) { if (empty($request['client_id']) || empty($request['client_secret'])) {
Logger::warning('Incomplete request data', ['request' => $_REQUEST]); Logger::warning('Incomplete request data', ['request' => $_REQUEST]);
DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Incomplete request data')); DI::mstdnError()->UnprocessableEntity(DI::l10n()->t('Incomplete request data'));
} }
$application = self::getApplication($client_id, $client_secret, $redirect_uri); $application = self::getApplication($request['client_id'], $request['client_secret'], $request['redirect_uri']);
if (empty($application)) { if (empty($application)) {
DI::mstdnError()->UnprocessableEntity(); DI::mstdnError()->UnprocessableEntity();
} }
if ($grant_type == 'client_credentials') { if ($request['grant_type'] == 'client_credentials') {
// the "client_credentials" are used as a token for the application itself. // the "client_credentials" are used as a token for the application itself.
// see https://aaronparecki.com/oauth-2-simplified/#client-credentials // see https://aaronparecki.com/oauth-2-simplified/#client-credentials
$token = self::createTokenForUser($application, 0, ''); $token = self::createTokenForUser($application, 0, '');
} elseif ($grant_type == 'authorization_code') { } elseif ($request['grant_type'] == 'authorization_code') {
// For security reasons only allow freshly created tokens // For security reasons only allow freshly created tokens
$condition = ["`redirect_uri` = ? AND `id` = ? AND `code` = ? AND `created_at` > UTC_TIMESTAMP() - INTERVAL ? MINUTE", $condition = ["`redirect_uri` = ? AND `id` = ? AND `code` = ? AND `created_at` > UTC_TIMESTAMP() - INTERVAL ? MINUTE",
$redirect_uri, $application['id'], $code, 5]; $request['redirect_uri'], $application['id'], $request['code'], 5];
$token = DBA::selectFirst('application-view', ['access_token', 'created_at'], $condition); $token = DBA::selectFirst('application-view', ['access_token', 'created_at'], $condition);
if (!DBA::isResult($token)) { if (!DBA::isResult($token)) {