X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FSecurity%2FOAuth.php;h=7655398b35118a96fcfbddd3d8e4ec359c25dea4;hb=3f2b0b9422915529a0ea585aa4325b6d2f2f65cd;hp=b3573fd68ff86bec8f6314203f6a96729d8202e4;hpb=ecaed2a8450ab8423b4e5ef60ac9a249be60901a;p=friendica.git

diff --git a/src/Security/OAuth.php b/src/Security/OAuth.php
index b3573fd68f..7655398b35 100644
--- a/src/Security/OAuth.php
+++ b/src/Security/OAuth.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2010-2021, the Friendica project
+ * @copyright Copyright (C) 2010-2023, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -22,10 +22,14 @@
 namespace Friendica\Security;
 
 use Friendica\Core\Logger;
+use Friendica\Core\Worker;
 use Friendica\Database\Database;
 use Friendica\Database\DBA;
+use Friendica\Model\Contact;
+use Friendica\Model\User;
 use Friendica\Module\BaseApi;
 use Friendica\Util\DateTimeFormat;
+use GuzzleHttp\Psr7\Uri;
 
 /**
  * OAuth Server
@@ -96,10 +100,18 @@ class OAuth
 
 		$token = DBA::selectFirst('application-view', ['uid', 'id', 'name', 'website', 'created_at', 'read', 'write', 'follow', 'push'], $condition);
 		if (!DBA::isResult($token)) {
-			Logger::warning('Token not found', $condition);
+			Logger::notice('Token not found', $condition);
 			return [];
 		}
 		Logger::debug('Token found', $token);
+
+		User::updateLastActivity($token['uid']);
+
+		// Regularly update suggestions
+		if (Contact\Relation::areSuggestionsOutdated($token['uid'])) {
+			Worker::add(Worker::PRIORITY_MEDIUM, 'UpdateSuggestions', $token['uid']);
+		}
+
 		return $token;
 	}
 
@@ -117,8 +129,11 @@ class OAuth
 		if (!empty($client_secret)) {
 			$condition['client_secret'] = $client_secret;
 		}
+
 		if (!empty($redirect_uri)) {
-			$condition['redirect_uri'] = $redirect_uri;
+			$uri = new Uri($redirect_uri);
+			$redirect_uri = $uri->getScheme() . '://' . $uri->getHost() . $uri->getPath();
+			$condition = DBA::mergeConditions($condition, ["`redirect_uri` LIKE ?", '%' . $redirect_uri . '%']);
 		}
 
 		$application = DBA::selectFirst('application', [], $condition);
@@ -126,6 +141,12 @@ class OAuth
 			Logger::warning('Application not found', $condition);
 			return [];
 		}
+
+		// The redirect_uri could contain several URI that are separated by spaces.
+		if (($application['redirect_uri'] != $redirect_uri) && !in_array($redirect_uri, explode(' ', $application['redirect_uri']))) {
+			return [];
+		}
+
 		return $application;
 	}
 
@@ -176,7 +197,8 @@ class OAuth
 			'write'          => (stripos($scope, BaseApi::SCOPE_WRITE) !== false),
 			'follow'         => (stripos($scope, BaseApi::SCOPE_FOLLOW) !== false),
 			'push'           => (stripos($scope, BaseApi::SCOPE_PUSH) !== false),
-			'created_at'     => DateTimeFormat::utcNow()];
+			'created_at'     => DateTimeFormat::utcNow()
+		];
 
 		foreach ([BaseApi::SCOPE_READ, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_WRITE, BaseApi::SCOPE_PUSH] as $scope) {
 			if ($fields[$scope] && !$application[$scope]) {