From b60d2327199965a165c8456a487f929f9ef56651 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Wed, 29 Aug 2018 00:51:25 +0200 Subject: [PATCH 1/3] AccountView: `sensitive` is supposed to be a boolean, not a string --- lib/pleroma/web/mastodon_api/views/account_view.ex | 2 +- test/web/mastodon_api/account_view_test.exs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/web/mastodon_api/views/account_view.ex b/lib/pleroma/web/mastodon_api/views/account_view.ex index 7bc32e688..fb42e82c8 100644 --- a/lib/pleroma/web/mastodon_api/views/account_view.ex +++ b/lib/pleroma/web/mastodon_api/views/account_view.ex @@ -47,7 +47,7 @@ def render("account.json", %{user: user}) do source: %{ note: "", privacy: user_info.default_scope, - sensitive: "false" + sensitive: false } } end diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs index 35c8a1fb0..222c2d549 100644 --- a/test/web/mastodon_api/account_view_test.exs +++ b/test/web/mastodon_api/account_view_test.exs @@ -52,7 +52,7 @@ test "Represent a user account" do source: %{ note: "", privacy: "public", - sensitive: "false" + sensitive: false } } From ad2a7972e75e8738147aa5e67b6db04b45800b3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Wed, 29 Aug 2018 01:07:17 +0200 Subject: [PATCH 2/3] OAuth: Set `created_at` in token exchange response (for compatibility with Mastodon) --- lib/pleroma/web/oauth/oauth_controller.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index a5fb32a4e..934171585 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -60,11 +60,13 @@ def token_exchange(conn, %{"grant_type" => "authorization_code"} = params) do fixed_token = fix_padding(params["code"]), %Authorization{} = auth <- Repo.get_by(Authorization, token: fixed_token, app_id: app.id), - {:ok, token} <- Token.exchange_token(app, auth) do + {:ok, token} <- Token.exchange_token(app, auth), + {:ok, inserted_at} <- DateTime.from_naive(token.inserted_at, "Etc/UTC") do response = %{ token_type: "Bearer", access_token: token.token, refresh_token: token.refresh_token, + created_at: DateTime.to_unix(inserted_at), expires_in: 60 * 10, scope: "read write follow" } From 84d84e4ca49c02180828d65d95b841953ed04ef0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20K=C3=BChl?= Date: Wed, 29 Aug 2018 01:25:40 +0200 Subject: [PATCH 3/3] OAuth: Support /revoke endpoint for revoking tokens (for compatibility with Mastodon) --- lib/pleroma/web/oauth/oauth_controller.ex | 12 ++++++++++++ lib/pleroma/web/router.ex | 1 + 2 files changed, 13 insertions(+) diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex index 934171585..160cedd8e 100644 --- a/lib/pleroma/web/oauth/oauth_controller.ex +++ b/lib/pleroma/web/oauth/oauth_controller.ex @@ -118,6 +118,18 @@ def token_exchange( token_exchange(conn, params) end + def token_revoke(conn, %{"token" => token} = params) do + with %App{} = app <- get_app_from_request(conn, params), + %Token{} = token <- Repo.get_by(Token, token: token, app_id: app.id), + {:ok, %Token{}} <- Repo.delete(token) do + json(conn, %{}) + else + _error -> + # RFC 7009: invalid tokens [in the request] do not cause an error response + json(conn, %{}) + end + end + defp fix_padding(token) do token |> Base.url_decode64!(padding: false) diff --git a/lib/pleroma/web/router.ex b/lib/pleroma/web/router.ex index 927323794..5f746df31 100644 --- a/lib/pleroma/web/router.ex +++ b/lib/pleroma/web/router.ex @@ -93,6 +93,7 @@ def user_fetcher(username_or_email) do get("/authorize", OAuthController, :authorize) post("/authorize", OAuthController, :create_authorization) post("/token", OAuthController, :token_exchange) + post("/revoke", OAuthController, :token_revoke) end scope "/api/v1", Pleroma.Web.MastodonAPI do