mirror of
https://iceshrimp.dev/limepotato/jormungandr-bite.git
synced 2024-11-25 03:17:38 -07:00
[mastodon-client] Verify scopes are identical between /oauth/authorize and /oauth/token instead of testing whether they are a subset
This commit is contained in:
parent
3def0bdf7f
commit
9ee786e888
1 changed files with 2 additions and 2 deletions
|
@ -5,7 +5,7 @@ import { genId } from "@/misc/gen-id.js";
|
|||
import { fetchMeta } from "@/misc/fetch-meta.js";
|
||||
import { MastoContext } from "@/server/api/mastodon/index.js";
|
||||
import { MastoApiError } from "@/server/api/mastodon/middleware/catch-errors.js";
|
||||
import { toSingleLast, unique } from "@/prelude/array.js";
|
||||
import { difference, toSingleLast, unique } from "@/prelude/array.js";
|
||||
import { ILocalUser } from "@/models/entities/user.js";
|
||||
|
||||
export class AuthHelpers {
|
||||
|
@ -111,7 +111,7 @@ export class AuthHelpers {
|
|||
if (body.grant_type !== 'authorization_code') throw new MastoApiError(400, "Invalid grant_type");
|
||||
if (!app || body.client_secret !== app.clientSecret) throw invalidClientError;
|
||||
if (!token || app.id !== token.appId) throw new MastoApiError(401, "Invalid code");
|
||||
if (!scopes.every(p => app.scopes.includes(p))) throw invalidScopeError;
|
||||
if (difference(scopes, app.scopes).length > 0) throw invalidScopeError;
|
||||
if (!app.redirectUris.includes(body.redirect_uri)) throw new MastoApiError(400, "Redirect URI not in list");
|
||||
|
||||
await OAuthTokens.update(token.id, { active: true });
|
||||
|
|
Loading…
Reference in a new issue