Issue 13949: Block access via OAuth

This commit is contained in:
Michael 2024-02-29 22:03:57 +00:00
parent c9f7d9baff
commit dd55ba2d77
6 changed files with 6 additions and 11 deletions

View File

@ -1,6 +1,6 @@
-- ------------------------------------------
-- Friendica 2024.03-rc (Yellow Archangel)
-- DB_UPDATE_VERSION 1554
-- DB_UPDATE_VERSION 1555
-- ------------------------------------------
@ -2017,7 +2017,8 @@ CREATE VIEW `application-view` AS SELECT
`application-token`.`follow` AS `follow`,
`application-token`.`push` AS `push`
FROM `application-token`
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`;
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`
INNER JOIN `user` ON `user`.`uid` = `application-token`.`uid` AND `user`.`verified` AND NOT `user`.`blocked` AND NOT `user`.`account_removed` AND NOT `user`.`account_expired`;
--
-- VIEW circle-member-view

View File

@ -21,10 +21,7 @@
namespace Friendica\Module\OAuth;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Module\BaseApi;
use Friendica\Module\Special\HTTPException;
use Psr\Http\Message\ResponseInterface;

View File

@ -22,15 +22,12 @@
namespace Friendica\Module\OAuth;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\User;
use Friendica\Module\BaseApi;
use Friendica\Module\Special\HTTPException;
use Friendica\Security\OAuth;
use Friendica\Util\DateTimeFormat;
use GuzzleHttp\Psr7\Uri;
use Psr\Http\Message\ResponseInterface;
/**

View File

@ -29,7 +29,6 @@ use Friendica\Model\Contact;
use Friendica\Model\User;
use Friendica\Module\BaseApi;
use Friendica\Util\DateTimeFormat;
use GuzzleHttp\Psr7\Uri;
/**
* OAuth Server

View File

@ -56,7 +56,7 @@ use Friendica\Database\DBA;
// This file is required several times during the test in DbaDefinition which justifies this condition
if (!defined('DB_UPDATE_VERSION')) {
define('DB_UPDATE_VERSION', 1554);
define('DB_UPDATE_VERSION', 1555);
}
return [

View File

@ -56,7 +56,8 @@
"push" => ["application-token", "push"],
],
"query" => "FROM `application-token`
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`"
INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`
INNER JOIN `user` ON `user`.`uid` = `application-token`.`uid` AND `user`.`verified` AND NOT `user`.`blocked` AND NOT `user`.`account_removed` AND NOT `user`.`account_expired`"
],
"circle-member-view" => [
"fields" => [