hacky hack hack

This commit is contained in:
tsmethurst 2023-10-19 16:06:02 +02:00
parent 21a101ebc4
commit e7dc1c1fe2
4 changed files with 31 additions and 30 deletions

View File

@ -65,6 +65,24 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
} }
c.Set(oauth.SessionAuthorizedToken, ti) c.Set(oauth.SessionAuthorizedToken, ti)
// check for application token
if clientID := ti.GetClientID(); clientID != "" {
log.Tracef(ctx, "authenticated client %s with bearer token, scope is %s", clientID, ti.GetScope())
// fetch app for this token
app, err := dbConn.GetApplicationByClientID(ctx, clientID)
if err != nil {
if err != db.ErrNoEntries {
log.Errorf(ctx, "database error looking for application with clientID %s: %s", clientID, err)
return
}
log.Warnf(ctx, "no app found for client %s", clientID)
return
}
c.Set(oauth.SessionAuthorizedApplication, app)
}
// check for user-level token // check for user-level token
if userID := ti.GetUserID(); userID != "" { if userID := ti.GetUserID(); userID != "" {
log.Tracef(ctx, "authenticated user %s with bearer token, scope is %s", userID, ti.GetScope()) log.Tracef(ctx, "authenticated user %s with bearer token, scope is %s", userID, ti.GetScope())
@ -81,12 +99,12 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
} }
if user.ConfirmedAt.IsZero() { if user.ConfirmedAt.IsZero() {
log.Warnf(ctx, "authenticated user %s has never confirmed thier email address", userID) log.Warnf(ctx, "authenticated user %s has never confirmed their email address", userID)
return return
} }
if !*user.Approved { if !*user.Approved {
log.Warnf(ctx, "authenticated user %s's account was never approved by an admin", userID) log.Warnf(ctx, "authenticated user %s's account not yet approved by an admin", userID)
return return
} }
@ -118,23 +136,5 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
c.Set(oauth.SessionAuthorizedAccount, user.Account) c.Set(oauth.SessionAuthorizedAccount, user.Account)
} }
// check for application token
if clientID := ti.GetClientID(); clientID != "" {
log.Tracef(ctx, "authenticated client %s with bearer token, scope is %s", clientID, ti.GetScope())
// fetch app for this token
app, err := dbConn.GetApplicationByClientID(ctx, clientID)
if err != nil {
if err != db.ErrNoEntries {
log.Errorf(ctx, "database error looking for application with clientID %s: %s", clientID, err)
return
}
log.Warnf(ctx, "no app found for client %s", clientID)
return
}
c.Set(oauth.SessionAuthorizedApplication, app)
}
} }
} }

View File

@ -79,7 +79,7 @@ func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool
} }
if requireUser && a.User == nil { if requireUser && a.User == nil {
return nil, errors.New("user not supplied or not authorized") return nil, errors.New("user not supplied, not authorized, not confirmed, or email address unconfirmed")
} }
if requireAccount && a.Account == nil { if requireAccount && a.Account == nil {

View File

@ -68,14 +68,15 @@ func (p *Processor) Create(
} }
user, err := p.state.DB.NewSignup(ctx, gtsmodel.NewSignup{ user, err := p.state.DB.NewSignup(ctx, gtsmodel.NewSignup{
Username: form.Username, Username: form.Username,
Email: form.Email, Email: form.Email,
Password: form.Password, EmailVerified: true,
Reason: text.SanitizeToPlaintext(reason), Password: form.Password,
PreApproved: !config.GetAccountsApprovalRequired(), // Mark as approved if no approval required. Reason: text.SanitizeToPlaintext(reason),
SignUpIP: form.IP, PreApproved: !config.GetAccountsApprovalRequired(), // Mark as approved if no approval required.
Locale: form.Locale, SignUpIP: form.IP,
AppID: app.ID, Locale: form.Locale,
AppID: app.ID,
}) })
if err != nil { if err != nil {
err := fmt.Errorf("db error creating new signup: %w", err) err := fmt.Errorf("db error creating new signup: %w", err)

View File

@ -70,7 +70,7 @@ func InitTestConfig() {
InstanceDeliverToSharedInboxes: true, InstanceDeliverToSharedInboxes: true,
AccountsRegistrationOpen: true, AccountsRegistrationOpen: true,
AccountsApprovalRequired: true, AccountsApprovalRequired: false,
AccountsReasonRequired: true, AccountsReasonRequired: true,
AccountsAllowCustomCSS: true, AccountsAllowCustomCSS: true,
AccountsCustomCSSLength: 10000, AccountsCustomCSSLength: 10000,