Issue 13949: Block access via OAuth

diff --git a/database.sql b/database.sql
index 3ffb6ad07c85ca2e59041590d7b69bb04f8d253b..68895634725816787cdc4275b64ded479d809451 100644 (file)
--- a/database.sql
+++ b/database.sql
@@ -1,6 +1,6 @@
 -- ------------------------------------------
 -- Friendica 2024.03-rc (Yellow Archangel)
--- DB_UPDATE_VERSION 1554
+-- DB_UPDATE_VERSION 1555
 -- ------------------------------------------
 
 
@@ -2017,7 +2017,8 @@ CREATE VIEW `application-view` AS SELECT
        `application-token`.`follow` AS `follow`,
        `application-token`.`push` AS `push`
        FROM `application-token`
-                       INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`;
+                       INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`
+                       INNER JOIN `user` ON `user`.`uid` = `application-token`.`uid` AND `user`.`verified` AND NOT `user`.`blocked` AND NOT `user`.`account_removed` AND NOT `user`.`account_expired`;
 
 --
 -- VIEW circle-member-view

diff --git a/src/Module/OAuth/Revoke.php b/src/Module/OAuth/Revoke.php
index b98f943dafed4167c1676dc5803728800ac34379..a3532fb2ef859d8fe2cc0ee9ca35054143a40248 100644 (file)
--- a/src/Module/OAuth/Revoke.php
+++ b/src/Module/OAuth/Revoke.php
@@ -21,10 +21,7 @@
 
 namespace Friendica\Module\OAuth;
 
-use Friendica\Core\Logger;
-use Friendica\Core\System;
 use Friendica\Database\DBA;
-use Friendica\DI;
 use Friendica\Module\BaseApi;
 use Friendica\Module\Special\HTTPException;
 use Psr\Http\Message\ResponseInterface;

diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php
index bc53b401d7e1170cc9f59bf63734624f70bdf792..ec12150f83f15e2ae5fbe9411493459dad05d63d 100644 (file)
--- a/src/Module/OAuth/Token.php
+++ b/src/Module/OAuth/Token.php
@@ -22,15 +22,12 @@
 namespace Friendica\Module\OAuth;
 
 use Friendica\Core\Logger;
-use Friendica\Core\System;
 use Friendica\Database\DBA;
-use Friendica\DI;
 use Friendica\Model\User;
 use Friendica\Module\BaseApi;
 use Friendica\Module\Special\HTTPException;
 use Friendica\Security\OAuth;
 use Friendica\Util\DateTimeFormat;
-use GuzzleHttp\Psr7\Uri;
 use Psr\Http\Message\ResponseInterface;
 
 /**

diff --git a/src/Security/OAuth.php b/src/Security/OAuth.php
index 6d1aba276c5f45f5ee0ef977a3e864d07c177c43..eb4b3eba4dd886f31289a6b9790281d74ce27c52 100644 (file)
--- a/src/Security/OAuth.php
+++ b/src/Security/OAuth.php
@@ -29,7 +29,6 @@ use Friendica\Model\Contact;
 use Friendica\Model\User;
 use Friendica\Module\BaseApi;
 use Friendica\Util\DateTimeFormat;
-use GuzzleHttp\Psr7\Uri;
 
 /**
  * OAuth Server

diff --git a/static/dbstructure.config.php b/static/dbstructure.config.php
index 98567bbbceee34fc8325690266f3ba9a8926c715..70b78f4c77bc8fc0cbf1d035b719adc1634a0234 100644 (file)
--- a/static/dbstructure.config.php
+++ b/static/dbstructure.config.php
@@ -56,7 +56,7 @@ use Friendica\Database\DBA;
 
 // This file is required several times during the test in DbaDefinition which justifies this condition
 if (!defined('DB_UPDATE_VERSION')) {
-       define('DB_UPDATE_VERSION', 1554);
+       define('DB_UPDATE_VERSION', 1555);
 }
 
 return [

diff --git a/static/dbview.config.php b/static/dbview.config.php
index 7ce0fca393003cac5014527b1ff0a4ac2cbfc13b..be88ee24fbc6bf372e98317ca652e865740df859 100644 (file)
--- a/static/dbview.config.php
+++ b/static/dbview.config.php
@@ -56,7 +56,8 @@
                        "push" => ["application-token", "push"],
                ],
                "query" => "FROM `application-token`
-                       INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`"
+                       INNER JOIN `application` ON `application-token`.`application-id` = `application`.`id`
+                       INNER JOIN `user` ON `user`.`uid` = `application-token`.`uid` AND `user`.`verified` AND NOT `user`.`blocked` AND NOT `user`.`account_removed` AND NOT `user`.`account_expired`"
        ],
        "circle-member-view" => [
                "fields" => [