Merge pull request #13951 from annando/issue-13949
Issue 13949: Block access via OAuth
commit
2d4f28dcde
|
@ -1,6 +1,6 @@
|
||||||
-- ------------------------------------------
|
-- ------------------------------------------
|
||||||
-- Friendica 2024.03-rc (Yellow Archangel)
|
-- Friendica 2024.03-rc (Yellow Archangel)
|
||||||
-- DB_UPDATE_VERSION 1554
|
-- DB_UPDATE_VERSION 1555
|
||||||
-- ------------------------------------------
|
-- ------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
@ -2017,7 +2017,8 @@ CREATE VIEW `application-view` AS SELECT
|
||||||
`application-token`.`follow` AS `follow`,
|
`application-token`.`follow` AS `follow`,
|
||||||
`application-token`.`push` AS `push`
|
`application-token`.`push` AS `push`
|
||||||
FROM `application-token`
|
FROM `application-token`
|
||||||
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`;
|
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`
|
||||||
|
INNER JOIN `user` ON `user`.`uid` = `application-token`.`uid` AND `user`.`verified` AND NOT `user`.`blocked` AND NOT `user`.`account_removed` AND NOT `user`.`account_expired`;
|
||||||
|
|
||||||
--
|
--
|
||||||
-- VIEW circle-member-view
|
-- VIEW circle-member-view
|
||||||
|
|
|
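Review bot: The added join on `user` only hides token rows from `application-view`; the rows themselves stay in `application-token`. A blocked or expired account's tokens would therefore become usable again as soon as the flag is cleared, and any lookup that reads the base table instead of the view is not covered by the filter. It is worth confirming that every token validation path selects from `application-view`, and deciding whether blocking or removing an account should also delete or invalidate its tokens. The same join appears in the view's PHP definition further down the page. The code that consumes the view is outside the visible hunks, so this is a question for the author rather than a confirmed gap.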
@ -21,10 +21,7 @@
|
||||||
|
|
||||||
namespace Friendica\Module\OAuth;
|
namespace Friendica\Module\OAuth;
|
||||||
|
|
||||||
use Friendica\Core\Logger;
|
|
||||||
use Friendica\Core\System;
|
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
use Friendica\DI;
|
|
||||||
use Friendica\Module\BaseApi;
|
use Friendica\Module\BaseApi;
|
||||||
use Friendica\Module\Special\HTTPException;
|
use Friendica\Module\Special\HTTPException;
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
|
|
|
@ -22,15 +22,12 @@
|
||||||
namespace Friendica\Module\OAuth;
|
namespace Friendica\Module\OAuth;
|
||||||
|
|
||||||
use Friendica\Core\Logger;
|
use Friendica\Core\Logger;
|
||||||
use Friendica\Core\System;
|
|
||||||
use Friendica\Database\DBA;
|
use Friendica\Database\DBA;
|
||||||
use Friendica\DI;
|
|
||||||
use Friendica\Model\User;
|
use Friendica\Model\User;
|
||||||
use Friendica\Module\BaseApi;
|
use Friendica\Module\BaseApi;
|
||||||
use Friendica\Module\Special\HTTPException;
|
use Friendica\Module\Special\HTTPException;
|
||||||
use Friendica\Security\OAuth;
|
use Friendica\Security\OAuth;
|
||||||
use Friendica\Util\DateTimeFormat;
|
use Friendica\Util\DateTimeFormat;
|
||||||
use GuzzleHttp\Psr7\Uri;
|
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -29,7 +29,6 @@ use Friendica\Model\Contact;
|
||||||
use Friendica\Model\User;
|
use Friendica\Model\User;
|
||||||
use Friendica\Module\BaseApi;
|
use Friendica\Module\BaseApi;
|
||||||
use Friendica\Util\DateTimeFormat;
|
use Friendica\Util\DateTimeFormat;
|
||||||
use GuzzleHttp\Psr7\Uri;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* OAuth Server
|
* OAuth Server
|
||||||
|
|
|
@ -56,7 +56,7 @@ use Friendica\Database\DBA;
|
||||||
|
|
||||||
// This file is required several times during the test in DbaDefinition which justifies this condition
|
// This file is required several times during the test in DbaDefinition which justifies this condition
|
||||||
if (!defined('DB_UPDATE_VERSION')) {
|
if (!defined('DB_UPDATE_VERSION')) {
|
||||||
define('DB_UPDATE_VERSION', 1554);
|
define('DB_UPDATE_VERSION', 1555);
|
||||||
}
|
}
|
||||||
|
|
||||||
return [
|
return [
|
||||||
|
|
|
@ -56,7 +56,8 @@
|
||||||
"push" => ["application-token", "push"],
|
"push" => ["application-token", "push"],
|
||||||
],
|
],
|
||||||
"query" => "FROM `application-token`
|
"query" => "FROM `application-token`
|
||||||
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`"
|
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`
|
||||||
|
INNER JOIN `user` ON `user`.`uid` = `application-token`.`uid` AND `user`.`verified` AND NOT `user`.`blocked` AND NOT `user`.`account_removed` AND NOT `user`.`account_expired`"
|
||||||
],
|
],
|
||||||
"circle-member-view" => [
|
"circle-member-view" => [
|
||||||
"fields" => [
|
"fields" => [
|
||||||
|
|
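Review bot: The new `INNER JOIN` in the `"query"` string is an access-control filter, but nothing in the definition says so. A later edit that turns it into a `LEFT JOIN` or drops one of the four conditions would silently make tokens for those accounts visible again. A short comment above the `"query"` key would help, for example `// Security: the user join excludes tokens of unverified, blocked, removed or expired accounts (issue 13949)`. The array entry starts above the hunk, so the exact placement is for the author to choose.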