Revert "Merge branch 'oauth-app-spam' into 'develop'"

This reverts merge request !4244
feld 2024-09-04 02:22:25 +00:00
parent fecfe8bf89
commit 92d5f0ac14
5 changed files with 24 additions and 129 deletions


@ -1 +0,0 @@
Prevent OAuth App flow from creating duplicate entries


@ -36,7 +36,8 @@ defmodule Pleroma.Web.MastodonAPI.AppController do
|> Map.put(:scopes, scopes) |> Map.put(:scopes, scopes)
|> Maps.put_if_present(:user_id, user_id) |> Maps.put_if_present(:user_id, user_id)
with {:ok, app} <- App.get_or_make(app_attrs) do with cs <- App.register_changeset(%App{}, app_attrs),
{:ok, app} <- Repo.insert(cs) do
render(conn, "show.json", app: app) render(conn, "show.json", app: app)
end end
end end
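Review bot: With `App.get_or_make/1` gone from the `with`, every request handled here ends in `Repo.insert(cs)`, so repeated registrations with the same `client_name` and `redirect_uris` each add a row and nothing in this hunk bounds that growth; the test removed elsewhere in this commit ("creates an oauth app without a user") suggests the endpoint needs no authentication. The reverted branch and its changelog entry addressed exactly this, so the revert should name the control that replaces it, for example `# NOTE: inserts one row per request; table growth is bounded by <rate limit / cleanup job>`. Separately, `cs <- App.register_changeset(%App{}, app_attrs)` can never fail to match, so it reads more clearly as a plain `cs = ...` binding ahead of the `with`. The action's head and the start of the `app_attrs` pipeline are outside the hunk, so whether a rate limiter is already plugged for this action cannot be seen from here.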


@ -67,27 +67,35 @@ defmodule Pleroma.Web.OAuth.App do
with %__MODULE__{} = app <- Repo.get(__MODULE__, id) do with %__MODULE__{} = app <- Repo.get(__MODULE__, id) do
app app
|> changeset(params) |> changeset(params)
|> validate_required([:scopes])
|> Repo.update() |> Repo.update()
end end
end end
@doc """ @doc """
Gets app by attrs or create new with attrs. Gets app by attrs or create new with attrs.
Updates the attrs if needed. And updates the scopes if need.
""" """
@spec get_or_make(map()) :: {:ok, t()} | {:error, Ecto.Changeset.t()} @spec get_or_make(map(), list(String.t())) :: {:ok, t()} | {:error, Ecto.Changeset.t()}
def get_or_make(attrs) do def get_or_make(attrs, scopes) do
with %__MODULE__{} = app <- Repo.get_by(__MODULE__, client_name: attrs.client_name) do with %__MODULE__{} = app <- Repo.get_by(__MODULE__, attrs) do
__MODULE__.update(app.id, Map.take(attrs, [:scopes, :website])) update_scopes(app, scopes)
else else
_e -> _e ->
%__MODULE__{} %__MODULE__{}
|> register_changeset(attrs) |> register_changeset(Map.put(attrs, :scopes, scopes))
|> Repo.insert() |> Repo.insert()
end end
end end
defp update_scopes(%__MODULE__{} = app, []), do: {:ok, app}
defp update_scopes(%__MODULE__{scopes: scopes} = app, scopes), do: {:ok, app}
defp update_scopes(%__MODULE__{} = app, scopes) do
app
|> change(%{scopes: scopes})
|> Repo.update()
end
@spec search(map()) :: {:ok, [t()], non_neg_integer()} @spec search(map()) :: {:ok, [t()], non_neg_integer()}
def search(params) do def search(params) do
query = from(a in __MODULE__) query = from(a in __MODULE__)
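Review bot: `Repo.get_by(__MODULE__, attrs)` in `get_or_make/2` raises `Ecto.MultipleResultsError` as soon as two rows match `attrs`, and the controller change in this same commit inserts a fresh row on every registration, so duplicate rows for one `client_name`/`redirect_uris` pair are to be expected unless a unique index exists outside this view. Either fetch a single row deterministically (a query with `order_by: [asc: a.id], limit: 1` passed to `Repo.one/1`) or state the uniqueness assumption in the `@doc`. `update_scopes/2` writes the list through `change/2` (presumably `Ecto.Changeset.change/2`, which runs no validation), so a one-line comment such as `# scopes must already be validated by the caller` would make that contract explicit. `search/1` begins at the end of this section and continues outside it.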


@ -89,114 +89,4 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do
assert expected == json_response_and_validate_schema(conn, 200) assert expected == json_response_and_validate_schema(conn, 200)
assert app.user_id == user.id assert app.user_id == user.id
end end
test "creates an oauth app without a user", %{conn: conn} do
app_attrs = build(:oauth_app)
conn =
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/apps", %{
client_name: app_attrs.client_name,
redirect_uris: app_attrs.redirect_uris
})
[app] = Repo.all(App)
expected = %{
"name" => app.client_name,
"website" => app.website,
"client_id" => app.client_id,
"client_secret" => app.client_secret,
"id" => app.id |> to_string(),
"redirect_uri" => app.redirect_uris,
"vapid_key" => Push.vapid_config() |> Keyword.get(:public_key)
}
assert expected == json_response_and_validate_schema(conn, 200)
end
test "does not duplicate apps with the same client name", %{conn: conn} do
client_name = "BleromaSE"
redirect_uris = "https://bleroma.app/oauth-callback"
for _i <- 1..3 do
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/apps", %{
client_name: client_name,
redirect_uris: redirect_uris
})
|> json_response_and_validate_schema(200)
end
apps = Repo.all(App)
assert length(apps) == 1
assert List.first(apps).client_name == client_name
assert List.first(apps).redirect_uris == redirect_uris
end
test "app scopes can be updated", %{conn: conn} do
client_name = "BleromaSE"
redirect_uris = "https://bleroma.app/oauth-callback"
website = "https://bleromase.com"
scopes = "read write"
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/apps", %{
client_name: client_name,
redirect_uris: redirect_uris,
website: website,
scopes: scopes
})
|> json_response_and_validate_schema(200)
assert List.first(Repo.all(App)).scopes == String.split(scopes, " ")
updated_scopes = "read write push"
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/apps", %{
client_name: client_name,
redirect_uris: redirect_uris,
website: website,
scopes: updated_scopes
})
|> json_response_and_validate_schema(200)
assert List.first(Repo.all(App)).scopes == String.split(updated_scopes, " ")
end
test "app website URL can be updated", %{conn: conn} do
client_name = "BleromaSE"
redirect_uris = "https://bleroma.app/oauth-callback"
website = "https://bleromase.com"
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/apps", %{
client_name: client_name,
redirect_uris: redirect_uris,
website: website
})
|> json_response_and_validate_schema(200)
assert List.first(Repo.all(App)).website == website
updated_website = "https://bleromase2ultimateedition.com"
conn
|> put_req_header("content-type", "application/json")
|> post("/api/v1/apps", %{
client_name: client_name,
redirect_uris: redirect_uris,
website: updated_website
})
|> json_response_and_validate_schema(200)
assert List.first(Repo.all(App)).website == updated_website
end
end end


@ -12,23 +12,20 @@ defmodule Pleroma.Web.OAuth.AppTest do
test "gets exist app" do test "gets exist app" do
attrs = %{client_name: "Mastodon-Local", redirect_uris: "."} attrs = %{client_name: "Mastodon-Local", redirect_uris: "."}
app = insert(:oauth_app, Map.merge(attrs, %{scopes: ["read", "write"]})) app = insert(:oauth_app, Map.merge(attrs, %{scopes: ["read", "write"]}))
{:ok, %App{} = exist_app} = App.get_or_make(attrs) {:ok, %App{} = exist_app} = App.get_or_make(attrs, [])
assert exist_app == app assert exist_app == app
end end
test "make app" do test "make app" do
attrs = %{client_name: "Mastodon-Local", redirect_uris: ".", scopes: ["write"]} attrs = %{client_name: "Mastodon-Local", redirect_uris: "."}
{:ok, %App{} = app} = App.get_or_make(attrs) {:ok, %App{} = app} = App.get_or_make(attrs, ["write"])
assert app.scopes == ["write"] assert app.scopes == ["write"]
end end
test "gets exist app and updates scopes" do test "gets exist app and updates scopes" do
attrs = %{client_name: "Mastodon-Local", redirect_uris: ".", scopes: ["read", "write"]} attrs = %{client_name: "Mastodon-Local", redirect_uris: "."}
app = insert(:oauth_app, attrs) app = insert(:oauth_app, Map.merge(attrs, %{scopes: ["read", "write"]}))
{:ok, %App{} = exist_app} = App.get_or_make(attrs, ["read", "write", "follow", "push"])
{:ok, %App{} = exist_app} =
App.get_or_make(%{attrs | scopes: ["read", "write", "follow", "push"]})
assert exist_app.id == app.id assert exist_app.id == app.id
assert exist_app.scopes == ["read", "write", "follow", "push"] assert exist_app.scopes == ["read", "write", "follow", "push"]
end end