X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fmastodon_api%2Fcontrollers%2Fauth_controller.ex;h=a9ccaa982dfc5be4f0e370be005441229b971645;hb=6be3383a094d2d9b017b548de53e67ed6e8c9811;hp=f415e5931ee0a189f098e9bbd592f4938b5d80fd;hpb=429e2ac832a874ae8ba8a9c116da61a6273c8a87;p=akkoma

diff --git a/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex b/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex
index f415e5931..a9ccaa982 100644
--- a/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/auth_controller.ex
@@ -7,6 +7,7 @@ defmodule Pleroma.Web.MastodonAPI.AuthController do
 
   import Pleroma.Web.ControllerHelper, only: [json_response: 3]
 
+  alias Pleroma.Helpers.AuthHelper
   alias Pleroma.Helpers.UriHelper
   alias Pleroma.User
   alias Pleroma.Web.OAuth.App
@@ -26,13 +27,15 @@ defmodule Pleroma.Web.MastodonAPI.AuthController do
   def login(conn, %{"code" => auth_token} = params) do
     with {:ok, app} <- local_mastofe_app(),
          {:ok, auth} <- Authorization.get_by_token(app, auth_token),
-         {:ok, oauth_token} <- Token.exchange_token(app, auth) do
+         %User{} = user <- User.get_cached_by_id(auth.user_id),
+         {:ok, oauth_token} <- Token.get_or_exchange_token(auth, app, user) do
       redirect_to =
         conn
         |> local_mastodon_post_login_path()
         |> UriHelper.modify_uri_params(%{"access_token" => oauth_token.token})
 
       conn
+      |> AuthHelper.put_session_token(oauth_token.token)
       |> redirect(to: redirect_to)
     else
       _ -> redirect_to_oauth_form(conn, params)
@@ -40,9 +43,9 @@ defmodule Pleroma.Web.MastodonAPI.AuthController do
   end
 
   def login(conn, params) do
-    with %{assigns: %{user: %User{}, token: %Token{app_id: app_id, token: token}}} <- conn,
+    with %{assigns: %{user: %User{}, token: %Token{app_id: app_id}}} <- conn,
          {:ok, %{id: ^app_id}} <- local_mastofe_app() do
-      redirect(conn, to: local_mastodon_post_login_path(conn) <> "?access_token=#{token}")
+      redirect(conn, to: local_mastodon_post_login_path(conn))
     else
       _ -> redirect_to_oauth_form(conn, params)
     end
@@ -66,8 +69,9 @@ defmodule Pleroma.Web.MastodonAPI.AuthController do
   def logout(conn, _) do
     conn =
       with %{assigns: %{token: %Token{} = oauth_token}} <- conn,
-           {:ok, %Token{token: _session_token}} <- RevokeToken.revoke(oauth_token) do
-        conn
+           session_token = AuthHelper.get_session_token(conn),
+           {:ok, %Token{token: ^session_token}} <- RevokeToken.revoke(oauth_token) do
+        AuthHelper.delete_session_token(conn)
       else
         _ -> conn
       end