Update Copyrights

[akkoma] / lib / pleroma / plugs / oauth_plug.ex

diff --git a/lib/pleroma/plugs/oauth_plug.ex b/lib/pleroma/plugs/oauth_plug.ex
index 9d43732eb43592cbafe41c6f2a08c947836ee44c..6fa71ef47ca57bdd6ad21e23e9d96f9753eee09f 100644 (file)
--- a/lib/pleroma/plugs/oauth_plug.ex
+++ b/lib/pleroma/plugs/oauth_plug.ex
@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Plugs.OAuthPlug do
@@ -8,6 +8,7 @@ defmodule Pleroma.Plugs.OAuthPlug do
 
   alias Pleroma.Repo
   alias Pleroma.User
+  alias Pleroma.Web.OAuth.App
   alias Pleroma.Web.OAuth.Token
 
   @realm_reg Regex.compile!("Bearer\:?\s+(.*)$", "i")
@@ -22,18 +23,39 @@ defmodule Pleroma.Plugs.OAuthPlug do
       |> assign(:token, token_record)
       |> assign(:user, user)
     else
-      _ -> conn
+      _ ->
+        # token found, but maybe only with app
+        with {:ok, app, token_record} <- fetch_app_and_token(access_token) do
+          conn
+          |> assign(:token, token_record)
+          |> assign(:app, app)
+        else
+          _ -> conn
+        end
     end
   end
 
   def call(conn, _) do
-    with {:ok, token_str} <- fetch_token_str(conn),
-         {:ok, user, token_record} <- fetch_user_and_token(token_str) do
-      conn
-      |> assign(:token, token_record)
-      |> assign(:user, user)
-    else
-      _ -> conn
+    case fetch_token_str(conn) do
+      {:ok, token} ->
+        with {:ok, user, token_record} <- fetch_user_and_token(token) do
+          conn
+          |> assign(:token, token_record)
+          |> assign(:user, user)
+        else
+          _ ->
+            # token found, but maybe only with app
+            with {:ok, app, token_record} <- fetch_app_and_token(token) do
+              conn
+              |> assign(:token, token_record)
+              |> assign(:app, app)
+            else
+              _ -> conn
+            end
+        end
+
+      _ ->
+        conn
     end
   end
 
@@ -49,11 +71,21 @@ defmodule Pleroma.Plugs.OAuthPlug do
       )
 
     # credo:disable-for-next-line Credo.Check.Readability.MaxLineLength
-    with %Token{user: %{info: %{deactivated: false} = _} = user} = token_record <- Repo.one(query) do
+    with %Token{user: user} = token_record <- Repo.one(query) do
       {:ok, user, token_record}
     end
   end
 
+  @spec fetch_app_and_token(String.t()) :: {:ok, App.t(), Token.t()} | nil
+  defp fetch_app_and_token(token) do
+    query =
+      from(t in Token, where: t.token == ^token, join: app in assoc(t, :app), preload: [app: app])
+
+    with %Token{app: app} = token_record <- Repo.one(query) do
+      {:ok, app, token_record}
+    end
+  end
+
   # Gets token from session by :oauth_token key
   #
   @spec fetch_token_from_session(Plug.Conn.t()) :: :no_token_found | {:ok, String.t()}