Fixed OAuth restrictions for :api routes. Auth info is now dropped for :api routes if the OAuth check was neither performed nor explicitly skipped.

Ivan Tashkinov 2020-04-22 18:50:25 +03:00
commit 2958a7d246
14 changed files with 101 additions and 53 deletions


@ -18,7 +18,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
%{scopes: ["write:notifications"]} when action == :mark_notifications_as_read
)
plug(:skip_plug, OAuthScopesPlug when action in [:oauth_tokens, :revoke_token])
plug(:skip_plug, OAuthScopesPlug when action in [:confirm_email, :oauth_tokens, :revoke_token])
action_fallback(:errors)
@ -47,13 +47,13 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
json_reply(conn, 201, "")
end
def errors(conn, {:param_cast, _}) do
defp errors(conn, {:param_cast, _}) do
conn
|> put_status(400)
|> json("Invalid parameters")
end
def errors(conn, _) do
defp errors(conn, _) do
conn
|> put_status(500)
|> json("Something went wrong")
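Review bot: The `plug(:skip_plug, OAuthScopesPlug when action in [...])` line now lists `:confirm_email` (taking the second of the two printed plug lines as the new side), and nothing beside it says why that action may bypass the scope check. Going by the commit description, an explicit skip is now what keeps auth info on an :api route, so each entry in this list is a security decision that should be justified where it is made. I would add a comment above the line, for example `# Skipped: these actions authorize by their own token parameter, not by OAuth scopes (confirm per action)`, and cover `:confirm_email` with a controller test that calls it without an OAuth token. The body of `confirm_email` is outside the hunk, so whether it reads the assigned user cannot be checked from here.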