API: Show different ids on reshares / don't check for client secret

2023-01-22 11:25:31 +00:00 · 2023-01-22 11:25:31 +00:00 · 2ecc797541
parent 4b73335def
commit 2ecc797541
2 changed files with 14 additions and 1 deletions
--- a/src/Factory/Api/Mastodon/Status.php
+++ b/src/Factory/Api/Mastodon/Status.php
@ -97,17 +97,29 @@ class Status extends BaseFactory
 			throw new HTTPException\NotFoundException('Item with URI ID ' . $uriId . ' not found' . ($uid ? ' for user ' . $uid : '.'));
 		}

+		$activity_fields = ['uri-id', 'thr-parent-id', 'uri', 'author-id', 'author-uri-id', 'author-link', 'app', 'created', 'network', 'parent-author-id', 'private'];
+
 		if (($item['gravity'] == Item::GRAVITY_ACTIVITY) && ($item['vid'] == Verb::getID(Activity::ANNOUNCE))) {
 			$is_reshare = true;
 			$account    = $this->mstdnAccountFactory->createFromUriId($item['author-uri-id'], $uid);
 			$uriId      = $item['thr-parent-id'];
+			$activity   = $item;
 			$item       = Post::selectFirst($fields, ['uri-id' => $uriId, 'uid' => [0, $uid]], ['order' => ['uid' => true]]);
 			if (!$item) {
 				throw new HTTPException\NotFoundException('Item with URI ID ' . $uriId . ' not found' . ($uid ? ' for user ' . $uid : '.'));
 			}
+			foreach ($activity_fields as $field) {
+				$item[$field] = $activity[$field];
+			}
 		} else {
 			$is_reshare = $reblog && !is_null($item['causer-uri-id']) && ($item['causer-id'] != $item['author-id']) && ($item['post-reason'] == Item::PR_ANNOUNCEMENT);
 			$account    = $this->mstdnAccountFactory->createFromUriId($is_reshare ? $item['causer-uri-id'] : $item['author-uri-id'], $uid);
+			if ($is_reshare) {
+				$activity = Post::selectFirstPost($activity_fields, ['thr-parent-id' => $item['uri-id'], 'author-id' => $item['causer-id'], 'verb' => Activity::ANNOUNCE]);
+				if ($activity) {
+					$item = array_merge($item, $activity);
+				}
+			}
 		}

 		$count_announce = Post::countPosts([
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
@ -68,7 +68,8 @@ class Token extends BaseApi
 			}
 		}

-		if (empty($request['client_id']) || empty($request['client_secret'])) {
+		// "client_secret" is required for "client_credentials": https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/
+		if (empty($request['client_id']) || (($request['grant_type'] == 'client_credentials') && empty($request['client_secret']))) {
 			Logger::warning('Incomplete request data', ['request' => $request]);
 			DI::mstdnError()->Unauthorized('invalid_client', DI::l10n()->t('Incomplete request data'));
 		}