Fix OAuth registration redirect_uris array support

2026-01-16 11:25:39 +04:00 · 2026-01-16 11:25:39 +04:00 · 820a4cd97c
commit 820a4cd97c
parent ad5bb02bd6
8 changed files with 94 additions and 14 deletions
--- a/lib/pleroma/web/api_spec/operations/admin/o_auth_app_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/admin/o_auth_app_operation.ex
@ -123,8 +123,10 @@ defmodule Pleroma.Web.ApiSpec.Admin.OAuthAppOperation do
        name: %Schema{type: :string, description: "Application Name"},
        scopes: %Schema{type: :array, items: %Schema{type: :string}, description: "oAuth scopes"},
        redirect_uris: %Schema{
-          type: :array,
-          items: %Schema{type: :string},
+          oneOf: [
+            %Schema{type: :string},
+            %Schema{type: :array, items: %Schema{type: :string}}
+          ],
          description:
            "Where the user should be redirected after authorization. To display the authorization code to the user instead of redirecting to a web page, use `urn:ietf:wg:oauth:2.0:oob` in this parameter."
        },
@ -158,8 +160,10 @@ defmodule Pleroma.Web.ApiSpec.Admin.OAuthAppOperation do
        name: %Schema{type: :string, description: "Application Name"},
        scopes: %Schema{type: :array, items: %Schema{type: :string}, description: "oAuth scopes"},
        redirect_uris: %Schema{
-          type: :array,
-          items: %Schema{type: :string},
+          oneOf: [
+            %Schema{type: :string},
+            %Schema{type: :array, items: %Schema{type: :string}}
+          ],
          description:
            "Where the user should be redirected after authorization. To display the authorization code to the user instead of redirecting to a web page, use `urn:ietf:wg:oauth:2.0:oob` in this parameter."
        },
--- a/lib/pleroma/web/api_spec/operations/app_operation.ex
+++ b/lib/pleroma/web/api_spec/operations/app_operation.ex
@ -97,7 +97,10 @@ defmodule Pleroma.Web.ApiSpec.AppOperation do
      properties: %{
        client_name: %Schema{type: :string, description: "A name for your application."},
        redirect_uris: %Schema{
-          type: :string,
+          oneOf: [
+            %Schema{type: :string},
+            %Schema{type: :array, items: %Schema{type: :string}}
+          ],
          description:
            "Where the user should be redirected after authorization. To display the authorization code to the user instead of redirecting to a web page, use `urn:ietf:wg:oauth:2.0:oob` in this parameter."
        },
--- a/lib/pleroma/web/o_auth/app.ex
+++ b/lib/pleroma/web/o_auth/app.ex
@ -14,7 +14,7 @@ defmodule Pleroma.Web.OAuth.App do

  schema "apps" do
    field(:client_name, :string)
-    field(:redirect_uris, {:array, :string})
+    field(:redirect_uris, :string)
    field(:scopes, {:array, :string}, default: [])
    field(:website, :string)
    field(:client_id, :string)
@ -31,9 +31,32 @@ defmodule Pleroma.Web.OAuth.App do

  @spec changeset(t(), map()) :: Ecto.Changeset.t()
  def changeset(struct, params) do
+    params = normalize_redirect_uris_param(params)
+
    cast(struct, params, [:client_name, :redirect_uris, :scopes, :website, :trusted, :user_id])
  end

+  defp normalize_redirect_uris_param(%{} = params) do
+    case params do
+      %{redirect_uris: redirect_uris} when is_list(redirect_uris) ->
+        Map.put(params, :redirect_uris, normalize_redirect_uris(redirect_uris))
+
+      %{"redirect_uris" => redirect_uris} when is_list(redirect_uris) ->
+        Map.put(params, "redirect_uris", normalize_redirect_uris(redirect_uris))
+
+      _ ->
+        params
+    end
+  end
+
+  defp normalize_redirect_uris(redirect_uris) when is_list(redirect_uris) do
+    redirect_uris
+    |> Enum.filter(&is_binary/1)
+    |> Enum.map(&String.trim/1)
+    |> Enum.reject(&(&1 == ""))
+    |> Enum.join("\n")
+  end
+
  @spec register_changeset(t(), map()) :: Ecto.Changeset.t()
  def register_changeset(struct, params \\ %{}) do
    changeset =