<?php
/**
- * @copyright Copyright (C) 2010-2022, the Friendica project
+ * @copyright Copyright (C) 2010-2023, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
namespace Friendica\Security;
use Friendica\Core\Logger;
+use Friendica\Core\Worker;
use Friendica\Database\Database;
use Friendica\Database\DBA;
+use Friendica\Model\Contact;
+use Friendica\Model\User;
use Friendica\Module\BaseApi;
use Friendica\Util\DateTimeFormat;
+use GuzzleHttp\Psr7\Uri;
/**
* OAuth Server
$token = DBA::selectFirst('application-view', ['uid', 'id', 'name', 'website', 'created_at', 'read', 'write', 'follow', 'push'], $condition);
if (!DBA::isResult($token)) {
- Logger::warning('Token not found', $condition);
+ Logger::notice('Token not found', $condition);
return [];
}
Logger::debug('Token found', $token);
+
+ User::updateLastActivity($token['uid']);
+
+ // Regularly update suggestions
+ if (Contact\Relation::areSuggestionsOutdated($token['uid'])) {
+ Worker::add(Worker::PRIORITY_MEDIUM, 'UpdateSuggestions', $token['uid']);
+ }
+
return $token;
}
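Review bot: The rejected-token branch passes the whole `$condition` array to `Logger::notice()`, and `$condition` is built outside this hunk; if it carries the bearer value the client presented, then expired, revoked or mistyped tokens become readable in routine logs. Logging a digest instead keeps entries correlatable for spotting repeated invalid-token attempts without storing the value, e.g. `Logger::notice('Token not found', ['token_sha256' => hash('sha256', $presentedToken)]);`, where `$presentedToken` is a placeholder for whichever variable holds the bearer string. Because the level drops from warning to notice, alerting keyed on warnings will no longer see these rejections, which deserves a short comment such as `// notice: stale tokens are routine; watch the rate, not single events`. The function starts above the hunk, so the construction of `$condition` should be checked there.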
if (!empty($client_secret)) {
$condition['client_secret'] = $client_secret;
}
+
if (!empty($redirect_uri)) {
- $condition['redirect_uri'] = $redirect_uri;
+ $uri = new Uri($redirect_uri);
+ $redirect_uri = $uri->getScheme() . '://' . $uri->getHost() . $uri->getPath();
+ $condition = DBA::mergeConditions($condition, ["`redirect_uri` LIKE ?", '%' . $redirect_uri . '%']);
}
$application = DBA::selectFirst('application', [], $condition);
Logger::warning('Application not found', $condition);
return [];
}
+
+ // The redirect_uri could contain several URI that are separated by spaces.
+ if (($application['redirect_uri'] != $redirect_uri) && !in_array($redirect_uri, explode(' ', $application['redirect_uri']))) {
+ return [];
+ }
+
return $application;
}
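Review bot: The redirect URI check compares a rebuilt `scheme://host/path` string, not the value the client sent. The string assembled from `getScheme()`, `getHost()` and `getPath()` drops port, userinfo, query and fragment, so a request that differs from the registered URI only in those parts still passes both the LIKE prefilter and the final comparison. The reassignment of `$redirect_uri` is local, so a caller outside this hunk that later redirects to its own copy would be using a value that was never compared; that is worth confirming. Exact matching of the raw value against each registered entry is the safer rule: drop the two `Uri` lines and make the check strict, `if (($application['redirect_uri'] !== $redirect_uri) && !in_array($redirect_uri, explode(' ', $application['redirect_uri']), true)) {`. Separately, `new Uri()` throws on unparseable input and nothing in the visible lines catches it, and the mismatch branch returns `[]` without a log entry, unlike the not-found branch above it; the function begins outside the hunk.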
'write' => (stripos($scope, BaseApi::SCOPE_WRITE) !== false),
'follow' => (stripos($scope, BaseApi::SCOPE_FOLLOW) !== false),
'push' => (stripos($scope, BaseApi::SCOPE_PUSH) !== false),
- 'created_at' => DateTimeFormat::utcNow()];
+ 'created_at' => DateTimeFormat::utcNow()
+ ];
foreach ([BaseApi::SCOPE_READ, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_PUSH] as $scope) {
if ($fields[$scope] && !$application[$scope]) {