Use ISO-639-1 for the language detection
[friendica.git] / src / Security / OAuth.php
index a28424c5eae482711e2e5b5fc5e8705251c983ef..7655398b35118a96fcfbddd3d8e4ec359c25dea4 100644 (file)
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2010-2022, the Friendica project
+ * @copyright Copyright (C) 2010-2023, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
 namespace Friendica\Security;
 
 use Friendica\Core\Logger;
+use Friendica\Core\Worker;
 use Friendica\Database\Database;
 use Friendica\Database\DBA;
+use Friendica\Model\Contact;
+use Friendica\Model\User;
 use Friendica\Module\BaseApi;
 use Friendica\Util\DateTimeFormat;
+use GuzzleHttp\Psr7\Uri;
 
 /**
  * OAuth Server
@@ -96,10 +100,18 @@ class OAuth
 
                $token = DBA::selectFirst('application-view', ['uid', 'id', 'name', 'website', 'created_at', 'read', 'write', 'follow', 'push'], $condition);
                if (!DBA::isResult($token)) {
-                       Logger::warning('Token not found', $condition);
+                       Logger::notice('Token not found', $condition);
                        return [];
                }
                Logger::debug('Token found', $token);
+
+               User::updateLastActivity($token['uid']);
+
+               // Regularly update suggestions
+               if (Contact\Relation::areSuggestionsOutdated($token['uid'])) {
+                       Worker::add(Worker::PRIORITY_MEDIUM, 'UpdateSuggestions', $token['uid']);
+               }
+
                return $token;
        }
 
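Review bot: The failed-lookup branch at `Logger::notice('Token not found', $condition);` still passes the whole `$condition` array as log context, and the level drops from warning to notice. `$condition` is built above this hunk, so this is inferred, but if it carries the presented access token, that value is written to the log, and repeated failed lookups become harder to alert on at the lower level. I would log a non-secret hint instead, for example `Logger::notice('Token not found', ['token_hash' => hash('sha256', $token_value)]);`, where `$token_value` is a placeholder for whatever variable holds the bearer value. If failed lookups are meant to be monitored, keeping the warning level would also help. The enclosing method starts outside the hunk.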
@@ -117,8 +129,11 @@ class OAuth
                if (!empty($client_secret)) {
                        $condition['client_secret'] = $client_secret;
                }
+
                if (!empty($redirect_uri)) {
-                       $condition['redirect_uri'] = $redirect_uri;
+                       $uri = new Uri($redirect_uri);
+                       $redirect_uri = $uri->getScheme() . '://' . $uri->getHost() . $uri->getPath();
+                       $condition = DBA::mergeConditions($condition, ["`redirect_uri` LIKE ?", '%' . $redirect_uri . '%']);
                }
 
                $application = DBA::selectFirst('application', [], $condition);
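Review bot: The value rebuilt in `$redirect_uri = $uri->getScheme() . '://' . $uri->getHost() . $uri->getPath();` drops the port, query and fragment, so the later comparison runs on a looser string than the one the client sent. A request URI that differs from the registered one only in those parts normalises to the same value, and a registered URI containing a port or query can never match. If the caller redirects to the client-supplied value rather than the stored one (not visible here), comparing the full string, or at least including `$uri->getPort()`, would close that gap. `new Uri($redirect_uri)` also throws an `InvalidArgumentException` on a malformed value and nothing visible catches it; `try { $uri = new Uri($redirect_uri); } catch (\InvalidArgumentException $e) { return []; }` would turn that into a normal rejection. The `LIKE` pattern passes `%` and `_` from the input through unescaped, which is tolerable only because it is a prefilter for the exact check added further down.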
@@ -126,6 +141,12 @@ class OAuth
                        Logger::warning('Application not found', $condition);
                        return [];
                }
+
+               // The redirect_uri could contain several URI that are separated by spaces.
+               if (($application['redirect_uri'] != $redirect_uri) && !in_array($redirect_uri, explode(' ', $application['redirect_uri']))) {
+                       return [];
+               }
+
                return $application;
        }
 
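Review bot: The new mismatch branch returns `[]` without logging, unlike the `Application not found` branch just above it, so a redirect_uri that matches no registered value leaves no trace for whoever monitors authorization failures. Something like `Logger::notice('Redirect URI mismatch', ['redirect_uri' => $redirect_uri]);` before the `return [];` would cover that. The comparison is also loose (`!=` and a non-strict `in_array`); `if (!in_array($redirect_uri, explode(' ', $application['redirect_uri']), true)) {` handles the single-URI case as well and compares strictly. Note that this check sits outside the `!empty($redirect_uri)` guard, so a call that passes no redirect_uri is now rejected whenever the application has one registered. That is worth confirming as intended. The method begins outside the hunk.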
@@ -176,7 +197,8 @@ class OAuth
                        'write'          => (stripos($scope, BaseApi::SCOPE_WRITE) !== false),
                        'follow'         => (stripos($scope, BaseApi::SCOPE_FOLLOW) !== false),
                        'push'           => (stripos($scope, BaseApi::SCOPE_PUSH) !== false),
-                       'created_at'     => DateTimeFormat::utcNow(DateTimeFormat::MYSQL)];
+                       'created_at'     => DateTimeFormat::utcNow()
+               ];
 
                foreach ([BaseApi::SCOPE_READ, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_PUSH] as $scope) {
                        if ($fields[$scope] && !$application[$scope]) {
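Review bot: The scope list in the `foreach` just below the changed lines names `BaseApi::SCOPE_WRITE` twice and never `BaseApi::SCOPE_FOLLOW`, so the visible check never compares the requested `follow` flag with what the application registered. This is an unchanged context line, but it sits next to the edited array and decides which scopes a token may carry. The fix would be `foreach ([BaseApi::SCOPE_READ, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_FOLLOW, BaseApi::SCOPE_PUSH] as $scope) {`. The loop variable also reuses the name `$scope` that the `stripos()` calls above read from, which a distinct name such as `$scope_name` would avoid. The loop body continues outside the hunk, so what happens on a mismatch is not visible here.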