From 2162f216360129f147da1fd5f3d8fae5233c0d1d Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Thu, 26 Aug 2021 19:56:40 +0200
Subject: [PATCH] fix broken db queries in auth (#160)

---
 internal/api/client/auth/authorize.go | 4 ++--
 internal/api/client/auth/callback.go  | 6 ++----
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/internal/api/client/auth/authorize.go b/internal/api/client/auth/authorize.go
index 0328f3b21..d7ea65cca 100644
--- a/internal/api/client/auth/authorize.go
+++ b/internal/api/client/auth/authorize.go
@@ -71,7 +71,7 @@ func (m *Module) AuthorizeGETHandler(c *gin.Context) {
 		return
 	}
 	app := &gtsmodel.Application{}
-	if err := m.db.GetWhere(c.Request.Context(), []db.Where{{Key: sessionClientID, Value: app.ClientID}}, app); err != nil {
+	if err := m.db.GetWhere(c.Request.Context(), []db.Where{{Key: sessionClientID, Value: clientID}}, app); err != nil {
 		m.clearSession(s)
 		c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("no application found for client id %s", clientID)})
 		return
@@ -79,7 +79,7 @@ func (m *Module) AuthorizeGETHandler(c *gin.Context) {
 
 	// we can also use the userid of the user to fetch their username from the db to greet them nicely <3
 	user := &gtsmodel.User{}
-	if err := m.db.GetByID(c.Request.Context(), user.ID, user); err != nil {
+	if err := m.db.GetByID(c.Request.Context(), userID, user); err != nil {
 		m.clearSession(s)
 		c.JSON(http.StatusInternalServerError, gin.H{"error": err.Error()})
 		return
diff --git a/internal/api/client/auth/callback.go b/internal/api/client/auth/callback.go
index cbb429352..c2fbfb486 100644
--- a/internal/api/client/auth/callback.go
+++ b/internal/api/client/auth/callback.go
@@ -78,10 +78,8 @@ func (m *Module) CallbackGETHandler(c *gin.Context) {
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "no client_id found in session during callback"})
 		return
 	}
-	app := &gtsmodel.Application{
-		ClientID: clientID,
-	}
-	if err := m.db.GetWhere(c.Request.Context(), []db.Where{{Key: sessionClientID, Value: app.ClientID}}, app); err != nil {
+	app := &gtsmodel.Application{}
+	if err := m.db.GetWhere(c.Request.Context(), []db.Where{{Key: sessionClientID, Value: clientID}}, app); err != nil {
 		m.clearSession(s)
 		c.JSON(http.StatusInternalServerError, gin.H{"error": fmt.Sprintf("no application found for client id %s", clientID)})
 		return