mirror of
https://github.com/mastodon/mastodon.git
synced 2025-06-09 14:49:14 +00:00
# frozen_string_literal: true
# OAuth authorization endpoint built on Doorkeeper::AuthorizationsController.
# It changes three things: the order of the authentication callback, the
# Content-Security-Policy of its pages, and how a valid authorization request
# is answered.
class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
  # The inherited authentication callback is removed here and registered again
  # below, after :store_current_location, so the request URL is stored before
  # authentication runs. Authentication is still required for every action.
  skip_before_action :authenticate_resource_owner!

  before_action :store_current_location
  before_action :authenticate_resource_owner!

  # Passing false drops the form-action directive from the policy used by this
  # controller, so CSP does not limit where forms on these pages may submit.
  # NOTE(review): presumably required because submitting the consent form ends
  # in a redirect to the client's redirect URI -- confirm before tightening.
  content_security_policy { |policy| policy.form_action(false) }

  include Localized

  private

  # Stores the URL of the current request under the :user scope.
  # NOTE(review): presumably so that a sign-in redirect can return the user to
  # this authorization request -- confirm against the authentication flow.
  def store_current_location
    store_location_for(:user, request.url)
  end

  # Answers an authorization request. Branches are tried in this order:
  #
  # 1. Every requested scope is 'offline_access': rejected with HTTP 400.
  # 2. skip_authorization? is true, or a matching token exists and the client
  #    did not send a truthy force_login: the authorization is answered
  #    without rendering the consent screen.
  # 3. Doorkeeper is configured as api_only: pre_auth is rendered as JSON.
  # 4. Otherwise the consent screen (:new) is rendered.
  #
  # force_login is a request parameter, so it is client-controlled. It can
  # only disable the matching-token shortcut; it has no effect when
  # skip_authorization? is true.
  # NOTE(review): presumably replaces Doorkeeper's hook of the same name --
  # confirm against the parent controller.
  def render_success
    # FIXME: Find a better way to apply this validation. A request whose
    # scopes consist only of offline_access is not valid, because
    # offline_access does not itself give access to any resources.
    if pre_auth.scopes.all?('offline_access')
      rejection = Doorkeeper::OAuth::InvalidRequestResponse.new(reason: :offline_access_only, missing_param: nil)
      return render(:error, locals: { error_response: rejection }, status: 400)
    end

    consent_not_needed = skip_authorization? || (matching_token? && !truthy_param?('force_login'))
    return redirect_or_render(authorize_response) if consent_not_needed
    return render(json: pre_auth) if Doorkeeper.configuration.api_only

    render :new
  end

  # Casts the request parameter named +key+ with ActiveModel's boolean type
  # and returns the result of that cast.
  def truthy_param?(key)
    boolean_type = ActiveModel::Type::Boolean.new
    boolean_type.cast(params[key])
  end
end