Refactor OAuth Token
authorArt4 <art4@wlabs.de>
Mon, 18 Nov 2024 08:02:22 +0000 (08:02 +0000)
committerArt4 <art4@wlabs.de>
Mon, 18 Nov 2024 08:02:22 +0000 (08:02 +0000)
src/BaseModule.php
src/Module/BaseApi.php
src/Module/OAuth/Token.php

index 5f72a0f79b0c003e79f7cacb7dfe2a57fa3fe7a9..e0c97afce2d6278c0c7d43023241941f76ec154d 100644 (file)
@@ -456,7 +456,7 @@ abstract class BaseModule implements ICanHandleRequests
         * @param string      $content
         * @param string      $type
         * @param string|null $content_type
-        * @return void
+        * @return never
         * @throws HTTPException\InternalServerErrorException
         */
        public function httpExit(string $content, string $type = Response::TYPE_HTML, ?string $content_type = null)
@@ -493,7 +493,7 @@ abstract class BaseModule implements ICanHandleRequests
         * @param mixed  $content
         * @param string $content_type
         * @param int    $options A combination of json_encode() binary flags
-        * @return void
+        * @return never
         * @throws HTTPException\InternalServerErrorException
         * @see json_encode()
         */
@@ -508,7 +508,7 @@ abstract class BaseModule implements ICanHandleRequests
         * @param int    $httpCode
         * @param mixed  $content
         * @param string $content_type
-        * @return void
+        * @return never
         * @throws HTTPException\InternalServerErrorException
         */
        public function jsonError(int $httpCode, $content, string $content_type = 'application/json')
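Review bot: The docblocks now promise `@return never` while the signatures of `httpExit`, `jsonExit` and `jsonError` still carry no native return type, so the engine cannot enforce that these methods never return; if the project's minimum PHP version is 8.1 or later, `public function httpExit(string $content, string $type = Response::TYPE_HTML, ?string $content_type = null): never` (and likewise for the other two, and for `logAndJsonError` in src/Module/BaseApi.php, which gets the same annotation in this commit) would make the contract checked at runtime. The annotation is only accurate if every path in these bodies exits or throws; the bodies lie outside these hunks, so that cannot be confirmed here. The refactored grant-type dispatch in src/Module/OAuth/Token.php now depends on this never-returns behaviour for correctness, which is worth stating in the docblock description rather than leaving it implied by the tag.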
index 4b3b817816d0ecd6c8460a5e95471b2ead366e10..f457d64ec95473f86987bfd29063d185a9b10e51 100644 (file)
@@ -509,7 +509,7 @@ class BaseApi extends BaseModule
        /**
         * @param int   $errorno
         * @param Error $error
-        * @return void
+        * @return never
         * @throws HTTPException\InternalServerErrorException
         */
        protected function logAndJsonError(int $errorno, Error $error)
index 47efa266e6d4bc72c7a48b121374ed7886d414ea..9ce760790bf3a82a4843b7889587db9e2460e30f 100644 (file)
@@ -66,32 +66,52 @@ class Token extends BaseApi
                        $this->logAndJsonError(401, $this->errorFactory->Unauthorized('invalid_client', $this->t('Invalid data or unknown client')));
                }
 
-               if ($request['grant_type'] == 'client_credentials') {
+               $grant_type = (string) $request['grant_type'];
+
+               if (!in_array($grant_type, ['client_credentials', 'authorization_code'])) {
+                       Logger::warning('Unsupported or missing grant type', ['request' => $_REQUEST]);
+                       $this->logAndJsonError(422, $this->errorFactory->UnprocessableEntity($this->t('Unsupported or missing grant type')));
+               }
+
+               if ($grant_type === 'client_credentials') {
                        // the "client_credentials" are used as a token for the application itself.
                        // see https://aaronparecki.com/oauth-2-simplified/#client-credentials
                        $token = OAuth::createTokenForUser($application, 0, '');
-                       $me = null;
-               } elseif ($request['grant_type'] == 'authorization_code') {
-                       // For security reasons only allow freshly created tokens
-                       $redirect_uri = strtok($request['redirect_uri'],'?');
-                       $condition = [
-                               "`redirect_uri` LIKE ? AND `id` = ? AND `code` = ? AND `created_at` > ?",
-                               $redirect_uri, $application['id'], $request['code'], DateTimeFormat::utc('now - 5 minutes')
-                       ];
-
-                       $token = DBA::selectFirst('application-view', ['access_token', 'created_at', 'uid'], $condition);
-                       if (!DBA::isResult($token)) {
-                               $this->logger->notice('Token not found or outdated', $condition);
-                               $this->logAndJsonError(401, $this->errorFactory->Unauthorized());
-                       }
-                       $owner = User::getOwnerDataById($token['uid']);
-                       $me = $owner['url'];
-               } else {
-                       Logger::warning('Unsupported or missing grant type', ['request' => $_REQUEST]);
-                       $this->logAndJsonError(422, $this->errorFactory->UnprocessableEntity($this->t('Unsupported or missing grant type')));
+
+                       $object = new \Friendica\Object\Api\Mastodon\Token(
+                               $token['access_token'],
+                               'Bearer',
+                               $application['scopes'],
+                               $token['created_at'],
+                               null
+                       );
+
+                       $this->jsonExit($object->toArray());
                }
 
-               $object = new \Friendica\Object\Api\Mastodon\Token($token['access_token'], 'Bearer', $application['scopes'], $token['created_at'], $me);
+               // now check for $grant_type === 'authorization_code'
+               // For security reasons only allow freshly created tokens
+               $redirect_uri = strtok($request['redirect_uri'],'?');
+               $condition = [
+                       "`redirect_uri` LIKE ? AND `id` = ? AND `code` = ? AND `created_at` > ?",
+                       $redirect_uri, $application['id'], $request['code'], DateTimeFormat::utc('now - 5 minutes')
+               ];
+
+               $token = DBA::selectFirst('application-view', ['access_token', 'created_at', 'uid'], $condition);
+               if (!DBA::isResult($token)) {
+                       $this->logger->notice('Token not found or outdated', $condition);
+                       $this->logAndJsonError(401, $this->errorFactory->Unauthorized());
+               }
+
+               $owner = User::getOwnerDataById($token['uid']);
+
+               $object = new \Friendica\Object\Api\Mastodon\Token(
+                       $token['access_token'],
+                       'Bearer',
+                       $application['scopes'],
+                       $token['created_at'],
+                       $owner['url']
+               );
 
                $this->jsonExit($object->toArray());
        }
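Review bot: `$grant_type = (string) $request['grant_type'];` reads the key without checking it exists, so a token request that omits `grant_type` emits an undefined-array-key warning on its way to the intended 422 "Unsupported or missing grant type" branch (assuming `$request` is the raw request array); `$grant_type = (string) ($request['grant_type'] ?? '');` keeps that case on the same path silently, and `$request['redirect_uri']` and `$request['code']` further down deserve the same treatment. The membership check should use strict comparison, `if (!in_array($grant_type, ['client_credentials', 'authorization_code'], true)) {`. The warning on the unsupported-grant path logs the whole `$_REQUEST`, which at a token endpoint presumably carries `client_secret` and `code`; logging only the offending `grant_type` would keep those values out of the log. The `` `redirect_uri` LIKE ? `` comparison treats `%` and `_` in the caller-supplied value as wildcards, whereas OAuth expects an exact redirect URI match, so `=` (or escaping the value before the LIKE) looks like the safer comparison. The enclosing method starts before this hunk.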