X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Foauth%2Foauth_controller.ex;h=e4d0601f8ba00b7b8963cb10b73a83f0c18b8abf;hb=ac72b578da673282b927b945bfe03cd3012444b6;hp=41b0f253df3c02dc81e3d6ea52e11a9f372a41a9;hpb=922abcda61298a7bca48894cb9a51a52fdeab1ed;p=akkoma
diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex
index 41b0f253d..e4d0601f8 100644
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -1,12 +1,15 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2018 Pleroma Authors
+# Copyright © 2017-2019 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.OAuth.OAuthController do
use Pleroma.Web, :controller
- alias Pleroma.Web.OAuth.{Authorization, Token, App}
- alias Pleroma.{Repo, User}
+ alias Pleroma.Web.OAuth.Authorization
+ alias Pleroma.Web.OAuth.Token
+ alias Pleroma.Web.OAuth.App
+ alias Pleroma.Repo
+ alias Pleroma.User
alias Comeonin.Pbkdf2
plug(:fetch_session)
@@ -37,6 +40,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
true <- Pbkdf2.checkpw(password, user.password_hash),
{:auth_active, true} <- {:auth_active, User.auth_active?(user)},
%App{} = app <- Repo.get_by(App, client_id: client_id),
+ true <- redirect_uri in String.split(app.redirect_uris),
{:ok, auth} <- Authorization.create_authorization(app, user) do
# Special case: Local MastodonFE.
redirect_uri =