[#468] Defined OAuth restrictions for all applicable routes.

Improved missing "scopes" param handling. Allowed "any of" / "all of" mode specification in OAuthScopesPlug. Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00 · 2019-02-15 19:54:37 +03:00 · 2a4a4f3342
commit 2a4a4f3342
parent 027adbc9e5
7 changed files with 142 additions and 76 deletions
--- a/lib/pleroma/web/controller_helper.ex
+++ b/lib/pleroma/web/controller_helper.ex
@ -6,7 +6,7 @@ defmodule Pleroma.Web.ControllerHelper do
  use Pleroma.Web, :controller

  def oauth_scopes(params, default) do
-    Pleroma.Web.OAuth.parse_scopes(params["scopes"] || params["scope"], default)
+    Pleroma.Web.OAuth.parse_scopes(params["scope"] || params["scopes"], default)
  end

  def json_response(conn, status, json) do