Issue 11101: Fix API authentification
authorMichael <heluecht@pirati.ca>
Fri, 17 Dec 2021 07:04:52 +0000 (07:04 +0000)
committerMichael <heluecht@pirati.ca>
Fri, 17 Dec 2021 07:04:52 +0000 (07:04 +0000)
src/Module/Api/Mastodon/Apps.php
src/Module/BaseApi.php

index 30ea29ac3086fa9fac6a17067d071df4282195c6..582232642a183398adbc13b58578f3b2fbbb7b3f 100644 (file)
@@ -26,12 +26,17 @@ use Friendica\Database\DBA;
 use Friendica\DI;
 use Friendica\Module\BaseApi;
 use Friendica\Util\Network;
+use Psr\Http\Message\ResponseInterface;
 
 /**
  * Apps class to register new OAuth clients
  */
 class Apps extends BaseApi
 {
+       public function run(array $request = [], bool $scopecheck = true): ResponseInterface
+       {
+               return parent::run($request, false);
+       }
        /**
         * @throws \Friendica\Network\HTTPException\InternalServerErrorException
         */
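Review bot: The new `run()` override accepts `$scopecheck` but never reads it and always passes `false` to the parent. Per the BaseApi.php hunk of this commit, that skips both the write-scope check and the `getCurrentUserID()` check for DELETE, PATCH, POST and PUT alike. If the intent is that client registration must work before any token exists, say so on the method with a docblock such as `/** App registration happens before a token exists, so the write-scope and login checks in BaseApi::run() are skipped. */`. A blank line should also separate the method from the docblock that follows it. The rest of the class lies outside this hunk, so whether it handles any write method other than POST cannot be confirmed from here.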
index 233edeec8a4b6fd2eb521a3cf8324d4f2eec88a7..61f83130dd67398e4654a298d0a299a561add213 100644 (file)
@@ -79,19 +79,21 @@ class BaseApi extends BaseModule
         *
         * @throws HTTPException\ForbiddenException
         */
-       public function run(array $request = []): ResponseInterface
+       public function run(array $request = [], bool $scopecheck = true): ResponseInterface
        {
-               switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
-                       case Router::DELETE:
-                       case Router::PATCH:
-                       case Router::POST:
-                       case Router::PUT:
-                               self::checkAllowedScope(self::SCOPE_WRITE);
-
-                               if (!self::getCurrentUserID()) {
-                                       throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
-                               }
-                               break;
+               if ($scopecheck) {
+                       switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
+                               case Router::DELETE:
+                               case Router::PATCH:
+                               case Router::POST:
+                               case Router::PUT:
+                                       self::checkAllowedScope(self::SCOPE_WRITE);
+       
+                                       if (!self::getCurrentUserID()) {
+                                               throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
+                                       }
+                                       break;
+                       }       
                }
 
                return parent::run($request);
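Review bot: `$scopecheck` guards more than the scope: when it is false, the `getCurrentUserID()` test and its `ForbiddenException` are skipped too, so the flag turns off authentication for write requests, and neither the name nor the docblock says so. Add `@param bool $scopecheck Set to false only for endpoints that must accept unauthenticated write requests; skips the write-scope and login checks` to the docblock, whose start is outside the hunk. Because the flag is part of the public `run()` signature, confirm that no caller other than a subclass override can supply it; a protected property on the module would keep that decision inside the class. The whitespace-only line inside the switch and the line closing the switch both carry trailing whitespace.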