hacky hack hack

This commit is contained in:
tsmethurst 2023-10-19 16:06:02 +02:00
parent 21a101ebc4
commit e7dc1c1fe2
4 changed files with 31 additions and 30 deletions


@ -65,6 +65,24 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
}
c.Set(oauth.SessionAuthorizedToken, ti)
// check for application token
if clientID := ti.GetClientID(); clientID != "" {
log.Tracef(ctx, "authenticated client %s with bearer token, scope is %s", clientID, ti.GetScope())
// fetch app for this token
app, err := dbConn.GetApplicationByClientID(ctx, clientID)
if err != nil {
if err != db.ErrNoEntries {
log.Errorf(ctx, "database error looking for application with clientID %s: %s", clientID, err)
return
}
log.Warnf(ctx, "no app found for client %s", clientID)
return
}
c.Set(oauth.SessionAuthorizedApplication, app)
}
// check for user-level token
if userID := ti.GetUserID(); userID != "" {
log.Tracef(ctx, "authenticated user %s with bearer token, scope is %s", userID, ti.GetScope())
@ -81,12 +99,12 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
}
if user.ConfirmedAt.IsZero() {
log.Warnf(ctx, "authenticated user %s has never confirmed thier email address", userID)
log.Warnf(ctx, "authenticated user %s has never confirmed their email address", userID)
return
}
if !*user.Approved {
log.Warnf(ctx, "authenticated user %s's account was never approved by an admin", userID)
log.Warnf(ctx, "authenticated user %s's account not yet approved by an admin", userID)
return
}
@ -118,23 +136,5 @@ func TokenCheck(dbConn db.DB, validateBearerToken func(r *http.Request) (oauth2.
c.Set(oauth.SessionAuthorizedAccount, user.Account)
}
// check for application token
if clientID := ti.GetClientID(); clientID != "" {
log.Tracef(ctx, "authenticated client %s with bearer token, scope is %s", clientID, ti.GetScope())
// fetch app for this token
app, err := dbConn.GetApplicationByClientID(ctx, clientID)
if err != nil {
if err != db.ErrNoEntries {
log.Errorf(ctx, "database error looking for application with clientID %s: %s", clientID, err)
return
}
log.Warnf(ctx, "no app found for client %s", clientID)
return
}
c.Set(oauth.SessionAuthorizedApplication, app)
}
}
}
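Review bot: Moving the application lookup ahead of the user checks changes which requests reach `c.Set(oauth.SessionAuthorizedApplication, app)`, yet neither the hunk nor the commit message says why; a comment on the moved `// check for application token` line would record it, e.g. `// Resolve the application before the user checks below: those return early for unconfirmed or unapproved users, and the app should still be attached to the context in that case` (hedged: inferred from the reorder, confirm against the intended flow). In the same moved block, `if err != db.ErrNoEntries {` compares the sentinel directly; if the db layer ever wraps that error the miss is logged as a database error instead of the warning, so `if !errors.Is(err, db.ErrNoEntries) {` is the more robust form (needs `errors` in scope). TokenCheck's signature and the start of its body lie outside the hunk.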


@ -79,7 +79,7 @@ func Authed(c *gin.Context, requireToken bool, requireApp bool, requireUser bool
}
if requireUser && a.User == nil {
return nil, errors.New("user not supplied or not authorized")
return nil, errors.New("user not supplied, not authorized, not confirmed, or email address unconfirmed")
}
if requireAccount && a.Account == nil {
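Review bot: The new error text lists "not confirmed" and "email address unconfirmed" as separate cases, which read as the same condition, while the early return for an account that was never approved by an admin (visible in the TokenCheck hunk of this commit) is not named at all. If "not confirmed" was meant to cover that case, `return nil, errors.New("user not supplied, not authorized, not yet approved, or email address unconfirmed")` states the actual conditions without the duplicate. Authed's body begins and ends outside the hunk.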


@ -68,14 +68,15 @@ func (p *Processor) Create(
}
user, err := p.state.DB.NewSignup(ctx, gtsmodel.NewSignup{
Username: form.Username,
Email: form.Email,
Password: form.Password,
Reason: text.SanitizeToPlaintext(reason),
PreApproved: !config.GetAccountsApprovalRequired(), // Mark as approved if no approval required.
SignUpIP: form.IP,
Locale: form.Locale,
AppID: app.ID,
Username: form.Username,
Email: form.Email,
EmailVerified: true,
Password: form.Password,
Reason: text.SanitizeToPlaintext(reason),
PreApproved: !config.GetAccountsApprovalRequired(), // Mark as approved if no approval required.
SignUpIP: form.IP,
Locale: form.Locale,
AppID: app.ID,
})
if err != nil {
err := fmt.Errorf("db error creating new signup: %w", err)
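Review bot: `EmailVerified: true` is set unconditionally for every new signup, so the stored user is treated as having a verified address without any confirmation step, and nothing in the hunk or the commit message says this is intended or temporary. The neighbouring `PreApproved` field shows the pattern for gating such a flag on configuration; at minimum the line should carry a comment such as `EmailVerified: true, // TODO: bypasses email confirmation for every signup; gate on config or remove once confirmation is wired up` so the bypass is not mistaken for the finished behaviour. The rest of Create, including how the new user is later used, is outside the hunk.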


@ -70,7 +70,7 @@ var testDefaults = config.Configuration{
InstanceDeliverToSharedInboxes: true,
AccountsRegistrationOpen: true,
AccountsApprovalRequired: true,
AccountsApprovalRequired: false,
AccountsReasonRequired: true,
AccountsAllowCustomCSS: true,
AccountsCustomCSSLength: 10000,
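Review bot: Flipping `AccountsApprovalRequired` to `false` in testDefaults means the approval-required branch (the "not yet approved by an admin" return in TokenCheck and the `PreApproved` computation in Create, both touched by this commit) is no longer exercised by any test that relies on the defaults, unless a test overrides the value explicitly. If the intent is only to make the signup tests pass, consider overriding the setting in those tests instead of changing the shared default, and note the reason in a comment on this line.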