hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enforcement of OAuth scopes check for authenticated API endpoints, :skip_plug plug to mark a plug explicitly skipped (disabled).

Browse source
This commit is contained in:
Ivan Tashkinov 2020-04-06 10:20:44 +03:00
commit fc81e5a49c
14 changed files with 113 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/pleroma/web/oauth/oauth_controller.ex
View file

@ -27,6 +27,8 @@ defmodule Pleroma.Web.OAuth.OAuthController do
plug(:fetch_flash)
plug(RateLimiter, [name: :authentication] when action == :create_authorization)
plug(:skip_plug, Pleroma.Plugs.OAuthScopesPlug)
action_fallback(Pleroma.Web.OAuth.FallbackController)
@oob_token_redirect_uri "urn:ietf:wg:oauth:2.0:oob"