mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2024-11-28 19:23:45 +01:00
hacky hack hack
This commit is contained in:
parent
21a101ebc4
commit
e7dc1c1fe2
@ -65,6 +65,24 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
|
|||||||
}
|
}
|
||||||
c.Set(oauth.SessionAuthorizedToken, ti)
|
c.Set(oauth.SessionAuthorizedToken, ti)
|
||||||
|
|
||||||
|
// check for application token
|
||||||
|
if clientID := ti.GetClientID(); clientID != "" {
|
||||||
|
log.Tracef(ctx, "authenticated client %s with bearer token, scope is %s", clientID, ti.GetScope())
|
||||||
|
|
||||||
|
// fetch app for this token
|
||||||
|
app, err := dbConn.GetApplicationByClientID(ctx, clientID)
|
||||||
|
if err != nil {
|
||||||
|
if err != db.ErrNoEntries {
|
||||||
|
log.Errorf(ctx, "database error looking for application with clientID %s: %s", clientID, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
log.Warnf(ctx, "no app found for client %s", clientID)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
c.Set(oauth.SessionAuthorizedApplication, app)
|
||||||
|
}
|
||||||
|
|
||||||
// check for user-level token
|
// check for user-level token
|
||||||
if userID := ti.GetUserID(); userID != "" {
|
if userID := ti.GetUserID(); userID != "" {
|
||||||
log.Tracef(ctx, "authenticated user %s with bearer token, scope is %s", userID, ti.GetScope())
|
log.Tracef(ctx, "authenticated user %s with bearer token, scope is %s", userID, ti.GetScope())
|
||||||
@ -81,12 +99,12 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
|
|||||||
}
|
}
|
||||||
|
|
||||||
if user.ConfirmedAt.IsZero() {
|
if user.ConfirmedAt.IsZero() {
|
||||||
log.Warnf(ctx, "authenticated user %s has never confirmed thier email address", userID)
|
log.Warnf(ctx, "authenticated user %s has never confirmed their email address", userID)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !*user.Approved {
|
if !*user.Approved {
|
||||||
log.Warnf(ctx, "authenticated user %s's account was never approved by an admin", userID)
|
log.Warnf(ctx, "authenticated user %s's account not yet approved by an admin", userID)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -118,23 +136,5 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
|
|||||||
|
|
||||||
c.Set(oauth.SessionAuthorizedAccount, user.Account)
|
c.Set(oauth.SessionAuthorizedAccount, user.Account)
|
||||||
}
|
}
|
||||||
|
|
||||||
// check for application token
|
|
||||||
if clientID := ti.GetClientID(); clientID != "" {
|
|
||||||
log.Tracef(ctx, "authenticated client %s with bearer token, scope is %s", clientID, ti.GetScope())
|
|
||||||
|
|
||||||
// fetch app for this token
|
|
||||||
app, err := dbConn.GetApplicationByClientID(ctx, clientID)
|
|
||||||
if err != nil {
|
|
||||||
if err != db.ErrNoEntries {
|
|
||||||
log.Errorf(ctx, "database error looking for application with clientID %s: %s", clientID, err)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
log.Warnf(ctx, "no app found for client %s", clientID)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
c.Set(oauth.SessionAuthorizedApplication, app)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -79,7 +79,7 @@ func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool
|
|||||||
}
|
}
|
||||||
|
|
||||||
if requireUser && a.User == nil {
|
if requireUser && a.User == nil {
|
||||||
return nil, errors.New("user not supplied or not authorized")
|
return nil, errors.New("user not supplied, not authorized, not confirmed, or email address unconfirmed")
|
||||||
}
|
}
|
||||||
|
|
||||||
if requireAccount && a.Account == nil {
|
if requireAccount && a.Account == nil {
|
||||||
|
@ -68,14 +68,15 @@ func (p *Processor) Create(
|
|||||||
}
|
}
|
||||||
|
|
||||||
user, err := p.state.DB.NewSignup(ctx, gtsmodel.NewSignup{
|
user, err := p.state.DB.NewSignup(ctx, gtsmodel.NewSignup{
|
||||||
Username: form.Username,
|
Username: form.Username,
|
||||||
Email: form.Email,
|
Email: form.Email,
|
||||||
Password: form.Password,
|
EmailVerified: true,
|
||||||
Reason: text.SanitizeToPlaintext(reason),
|
Password: form.Password,
|
||||||
PreApproved: !config.GetAccountsApprovalRequired(), // Mark as approved if no approval required.
|
Reason: text.SanitizeToPlaintext(reason),
|
||||||
SignUpIP: form.IP,
|
PreApproved: !config.GetAccountsApprovalRequired(), // Mark as approved if no approval required.
|
||||||
Locale: form.Locale,
|
SignUpIP: form.IP,
|
||||||
AppID: app.ID,
|
Locale: form.Locale,
|
||||||
|
AppID: app.ID,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err := fmt.Errorf("db error creating new signup: %w", err)
|
err := fmt.Errorf("db error creating new signup: %w", err)
|
||||||
|
@ -70,7 +70,7 @@ func InitTestConfig() {
|
|||||||
InstanceDeliverToSharedInboxes: true,
|
InstanceDeliverToSharedInboxes: true,
|
||||||
|
|
||||||
AccountsRegistrationOpen: true,
|
AccountsRegistrationOpen: true,
|
||||||
AccountsApprovalRequired: true,
|
AccountsApprovalRequired: false,
|
||||||
AccountsReasonRequired: true,
|
AccountsReasonRequired: true,
|
||||||
AccountsAllowCustomCSS: true,
|
AccountsAllowCustomCSS: true,
|
||||||
AccountsCustomCSSLength: 10000,
|
AccountsCustomCSSLength: 10000,
|
||||||
|
Loading…
Reference in New Issue
Block a user