Automatic checks of authentication / instance publicity. Definition of missing OAuth scopes in AdminAPIController. Refactoring.

2020-04-21 16:29:19 +03:00 · 2020-04-21 16:29:19 +03:00 · f685cbd309
commit f685cbd309
parent 3c828016d9
44 changed files with 355 additions and 267 deletions
--- a/lib/pleroma/web/twitter_api/controllers/util_controller.ex
+++ b/lib/pleroma/web/twitter_api/controllers/util_controller.ex
@ -25,13 +25,6 @@ defmodule Pleroma.Web.TwitterAPI.UtilController do
    when action == :follow_import
  )

-  # Note: follower can submit the form (with password auth) not being signed in (having no token)
-  plug(
-    OAuthScopesPlug,
-    %{fallback: :proceed_unauthenticated, scopes: ["follow", "write:follows"]}
-    when action == :do_remote_follow
-  )
-
  plug(OAuthScopesPlug, %{scopes: ["follow", "write:blocks"]} when action == :blocks_import)

  plug(
--- a/lib/pleroma/web/twitter_api/twitter_api_controller.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api_controller.ex
@ -13,12 +13,13 @@ defmodule Pleroma.Web.TwitterAPI.Controller do

  require Logger

-  plug(OAuthScopesPlug, %{scopes: ["write:notifications"]} when action == :notifications_read)
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["write:notifications"]} when action == :mark_notifications_as_read
+  )

  plug(:skip_plug, OAuthScopesPlug when action in [:oauth_tokens, :revoke_token])

-  plug(Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug)
-
  action_fallback(:errors)

  def confirm_email(conn, %{"user_id" => uid, "token" => token}) do
@ -64,7 +65,10 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
    |> send_resp(status, json)
  end

-  def notifications_read(%{assigns: %{user: user}} = conn, %{"latest_id" => latest_id} = params) do
+  def mark_notifications_as_read(
+        %{assigns: %{user: user}} = conn,
+        %{"latest_id" => latest_id} = params
+      ) do
    Notification.set_read_up_to(user, latest_id)

    notifications = Notification.for_user(user, params)
@ -75,7 +79,7 @@ defmodule Pleroma.Web.TwitterAPI.Controller do
    |> render("index.json", %{notifications: notifications, for: user})
  end

-  def notifications_read(%{assigns: %{user: _user}} = conn, _) do
+  def mark_notifications_as_read(%{assigns: %{user: _user}} = conn, _) do
    bad_request_reply(conn, "You need to specify latest_id")
  end