[#468] User UI for OAuth permissions restriction. Standardized storage format for scopes fields, updated usages.

2019-02-14 00:29:29 +03:00 · 2019-02-14 00:29:29 +03:00 · 063baca5e4
commit 063baca5e4
parent a337bd114c
18 changed files with 98 additions and 43 deletions
--- a/lib/pleroma/web/oauth/authorization.ex
+++ b/lib/pleroma/web/oauth/authorization.ex
@ -6,14 +6,13 @@ defmodule Pleroma.Web.OAuth.Authorization do
  use Ecto.Schema

  alias Pleroma.{User, Repo}
-  alias Pleroma.Web.OAuth
  alias Pleroma.Web.OAuth.{Authorization, App}

  import Ecto.{Changeset, Query}

  schema "oauth_authorizations" do
    field(:token, :string)
-    field(:scope, :string)
+    field(:scopes, {:array, :string}, default: [])
    field(:valid_until, :naive_datetime)
    field(:used, :boolean, default: false)
    belongs_to(:user, Pleroma.User, type: Pleroma.FlakeId)
@ -22,8 +21,8 @@ defmodule Pleroma.Web.OAuth.Authorization do
    timestamps()
  end

-  def create_authorization(%App{} = app, %User{} = user, scope \\ nil) do
-    scopes = OAuth.parse_scopes(scope || app.scopes)
+  def create_authorization(%App{} = app, %User{} = user, scopes \\ nil) do
+    scopes = scopes || app.scopes
    token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()

    authorization = %Authorization{
@ -31,7 +30,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
      used: false,
      user_id: user.id,
      app_id: app.id,
-      scope: Enum.join(scopes, " "),
+      scopes: scopes,
      valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10)
    }