hacky hack hack
parent
21a101ebc4
commit
e7dc1c1fe2
|
@ -65,6 +65,24 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
|
|||
}
|
||||
c.Set(oauth.SessionAuthorizedToken, ti)
|
||||
|
||||
// check for application token
|
||||
if clientID := ti.GetClientID(); clientID != "" {
|
||||
log.Tracef(ctx, "authenticated client %s with bearer token, scope is %s", clientID, ti.GetScope())
|
||||
|
||||
// fetch app for this token
|
||||
app, err := dbConn.GetApplicationByClientID(ctx, clientID)
|
||||
if err != nil {
|
||||
if err != db.ErrNoEntries {
|
||||
log.Errorf(ctx, "database error looking for application with clientID %s: %s", clientID, err)
|
||||
return
|
||||
}
|
||||
log.Warnf(ctx, "no app found for client %s", clientID)
|
||||
return
|
||||
}
|
||||
|
||||
c.Set(oauth.SessionAuthorizedApplication, app)
|
||||
}
|
||||
|
||||
// check for user-level token
|
||||
if userID := ti.GetUserID(); userID != "" {
|
||||
log.Tracef(ctx, "authenticated user %s with bearer token, scope is %s", userID, ti.GetScope())
|
||||
|
@ -81,12 +99,12 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
|
|||
}
|
||||
|
||||
if user.ConfirmedAt.IsZero() {
|
||||
log.Warnf(ctx, "authenticated user %s has never confirmed thier email address", userID)
|
||||
log.Warnf(ctx, "authenticated user %s has never confirmed their email address", userID)
|
||||
return
|
||||
}
|
||||
|
||||
if !*user.Approved {
|
||||
log.Warnf(ctx, "authenticated user %s's account was never approved by an admin", userID)
|
||||
log.Warnf(ctx, "authenticated user %s's account not yet approved by an admin", userID)
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -118,23 +136,5 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
|
|||
|
||||
c.Set(oauth.SessionAuthorizedAccount, user.Account)
|
||||
}
|
||||
|
||||
// check for application token
|
||||
if clientID := ti.GetClientID(); clientID != "" {
|
||||
log.Tracef(ctx, "authenticated client %s with bearer token, scope is %s", clientID, ti.GetScope())
|
||||
|
||||
// fetch app for this token
|
||||
app, err := dbConn.GetApplicationByClientID(ctx, clientID)
|
||||
if err != nil {
|
||||
if err != db.ErrNoEntries {
|
||||
log.Errorf(ctx, "database error looking for application with clientID %s: %s", clientID, err)
|
||||
return
|
||||
}
|
||||
log.Warnf(ctx, "no app found for client %s", clientID)
|
||||
return
|
||||
}
|
||||
|
||||
c.Set(oauth.SessionAuthorizedApplication, app)
|
||||
}
|
||||
}
|
||||
}
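Review bot: A bearer token whose user is unconfirmed or unapproved now still gets `oauth.SessionAuthorizedApplication` set on the context, because the application-token block in TokenCheck runs before the `ConfirmedAt` and `Approved` checks and their early returns. Any handler that calls Authed with `requireUser` false would presumably accept such a request, so the app-only routes should be checked against that. If the ordering is deliberate, document it at the block, e.g. `// set the application before the user checks on purpose: app-scoped endpoints must work for not-yet-confirmed users`. Separately, `!*user.Approved` dereferences a pointer with no nil guard visible in the hunk; `if user.Approved == nil || !*user.Approved {` would fail closed instead of panicking. TokenCheck's body begins and continues outside these hunks.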
|
||||
|
|
|
@ -79,7 +79,7 @@ func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool
|
|||
}
|
||||
|
||||
if requireUser && a.User == nil {
|
||||
return nil, errors.New("user not supplied or not authorized")
|
||||
return nil, errors.New("user not supplied, not authorized, not confirmed, or email address unconfirmed")
|
||||
}
|
||||
|
||||
if requireAccount && a.Account == nil {
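Review bot: The longer error string in the `requireUser` branch names the same condition twice ("not confirmed" and "email address unconfirmed") and never mentions approval, although the TokenCheck hunks on this page reject users on both `ConfirmedAt` and `Approved`. Assuming the longer string is the new side, it probably should read `errors.New("user not supplied, not authorized, not approved, or email address unconfirmed")`. If this text is returned to API clients, the caller learns that the token is valid but the account is pending, which is worth a conscious decision. Authed continues outside the hunk.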
|
||||
|
|
|
@ -68,14 +68,15 @@ func (p *Processor) Create(
|
|||
}
|
||||
|
||||
user, err := p.state.DB.NewSignup(ctx, gtsmodel.NewSignup{
|
||||
Username: form.Username,
|
||||
Email: form.Email,
|
||||
Password: form.Password,
|
||||
Reason: text.SanitizeToPlaintext(reason),
|
||||
PreApproved: !config.GetAccountsApprovalRequired(), // Mark as approved if no approval required.
|
||||
SignUpIP: form.IP,
|
||||
Locale: form.Locale,
|
||||
AppID: app.ID,
|
||||
Username: form.Username,
|
||||
Email: form.Email,
|
||||
EmailVerified: true,
|
||||
Password: form.Password,
|
||||
Reason: text.SanitizeToPlaintext(reason),
|
||||
PreApproved: !config.GetAccountsApprovalRequired(), // Mark as approved if no approval required.
|
||||
SignUpIP: form.IP,
|
||||
Locale: form.Locale,
|
||||
AppID: app.ID,
|
||||
})
|
||||
if err != nil {
|
||||
err := fmt.Errorf("db error creating new signup: %w", err)
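Review bot: `EmailVerified: true` is hard-coded in the `gtsmodel.NewSignup` literal, so every account created through `Processor.Create` is presumably stored as having a verified address without the owner ever proving control of it. This would let a signup claim someone else's email and would make the `ConfirmedAt` check in TokenCheck ineffective for these accounts, if NewSignup derives confirmation from this field. If skipping verification is needed for some deployments, take the value from configuration rather than a literal, and otherwise leave it false with a comment such as `// EmailVerified stays false until the confirmation link is followed`. The enclosing function begins and continues outside the hunk.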
|
||||
|
|
|
@ -70,7 +70,7 @@ var testDefaults = config.Configuration{
|
|||
InstanceDeliverToSharedInboxes: true,
|
||||
|
||||
AccountsRegistrationOpen: true,
|
||||
AccountsApprovalRequired: true,
|
||||
AccountsApprovalRequired: false,
|
||||
AccountsReasonRequired: true,
|
||||
AccountsAllowCustomCSS: true,
|
||||
AccountsCustomCSSLength: 10000,
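Review bot: `AccountsApprovalRequired` appears to flip from true to false in `testDefaults`, which means signups in tests are pre-approved through `PreApproved: !config.GetAccountsApprovalRequired()` and the `!*user.Approved` rejection path is likely no longer exercised by default. Tests that cover the approval-required flow should set the option explicitly, and the default deserves a comment, e.g. `// approval off by default in tests; approval tests must enable it themselves`.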
|
||||
|
|